...
Noncompliant Code Example
The following This noncompliant code overflows its buffer if msg is too long, and it has undefined behavior if msg is a null pointer:
...
Compliant Solution (Runtime)
The following This compliant solution will not overflow its buffer:
...
Compliant Solution (Partial Compile Time)
The following This compliant solution performs some of the checking at compile time using a static assertion. (See DCL03-C. Use a static assertion to test the value of a constant expression.)
...
String-handling functions defined in the C Standard, subclause 7.24, and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Proper use of the C11 Annex K functions can eliminate most of these issues.
...
Related Vulnerabilities
Search for for vulnerabilities resulting from the violation of this rule on the CERT website.
...