Why is this an issue?
A call to sizeof(sizeof(...)) is equivalent to sizeof(size_t), and indicates a misuse or misunderstanding of the
sizeof construct.
Noncompliant code example
#include <string.h>
int main(int argc, char* argv[])
{
char buffer[42];
char buffer2[sizeof(sizeof(buffer))]; /* Noncompliant - a single sizeof() was intended */
memcpy(buffer, "Hello, world!", strlen("Hello, world!")+1);
memcpy(buffer2, buffer, sizeof(buffer)); /* Buffer overflow */
return 0;
}
Compliant solution
#include <string.h>
int main(int argc, char* argv[])
{
char buffer[42];
char buffer2[sizeof(buffer)]; /* Compliant */
memcpy(buffer, "Hello, world!", strlen("Hello, world!")+1);
memcpy(buffer2, buffer, sizeof(buffer));
return 0;
}
