The following defects have been reported against ISO/IEC TS 17961:2013, Information technology – Programming languages, their environments and system software interfaces – C Secure Coding Rules.
Subject: CSCR error in 5.21 example
Date: April 2014
In N1801 it is argued that the example is wrong, and the committee agrees. The following TC from that paper was approved, with the suggestion that changing malloc(8) to malloc(2) would be even more compelling.
Change the example in 5.21 to:
struct S1 { int x, y, z;}; /* sizeof(S1) is 12 */ struct S1 *copyS1(const struct S1 s) { struct S1 *q = (struct S1 *)malloc(8); /* Diagnostic required */ *q = s; return q; }