sqc 0.4.13

Software Code Quality - CERT C compliance checker
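# Metadata for CERT C recommendation API02-C.
[metadata]
id = "API02-C"
# A CERT "recommendation" is guidance; conformance to the standard is judged
# against entries of type "rule".
type = "recommendation"
category = "API"
number = 2
title = "Functions that read or write to or from an array should take an argument to specify the source or target size"
# NOTE(review): the text below stops mid-sentence at "because"; the complete
# wording is on the wiki page listed under [references].
description = """
Functions that have an array as a parameter should also have an additional
parameter that indicates the maximum number of elements that can be stored in
the array. That parameter is required to ensure that the function does not
access memory outside the bounds of the array and adversely influence program
execution. It should be present for each array parameter (in other words, the
existence of each array parameter implies the existence of a complementary
parameter that represents the maximum number of elements in the array). Note
that array is used in this recommendation to mean array, string, or any other
pointer to a contiguous block of memory in which one or more elements of a
particular type are (potentially) stored. These terms are all effectively
synonymous and represent the same potential for error. Also note that this
recommendation suggests the parameter accompanying array parameters indicates
the maximum number of elements that can be stored in the array, not the maximum
size, in bytes, of the array, because
"""
# CERT risk assessment. priority is the product of severity, likelihood and
# remediation cost (the remediation cost is not recorded in this file).
# L1 is the highest-priority band (P12-P27), so findings are triaged first.
severity = "High"
likelihood = "Likely"
priority = "P18"
level = "L1"
cert_version = "2016 Edition (Wiki)"
# Kept as a display string, not a native TOML date.
last_modified = "Jun 16, 2025"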

# Per-rule switch for the API02-C check.
# NOTE(review): the consumer of this table is not shown here; presumably
# `enabled = false` suppresses the check - confirm against the checker.
[rules.cert_c.API02-C]
enabled = true

# Source page for the recommendation text on the SEI CERT C wiki.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/API02-C.+Functions+that+read+or+write+to+or+from+an+array+should+take+an+argument+to+specify+the+source+or+target+size"