SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 92

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 93

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The strcpy_s() function defined in C11 Annex K  [ISO/IEC 9899:2011] provides additional safeguards, including accepting the size of the destination buffer as an additional argument. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
MISC.MEM.NTERMNo Space For Null Terminator

Compass/ROSE

 

 

Could detect violations in the following manner: all calls to strncpy() and the other functions should be followed by an assignment of a terminating character to null-terminate the string

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

Klocwork

Include Page
Klocwork_V
Klocwork_V

NNTS

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

115 S

Fully implemented

...

Related Guidelines

CERT C++ Secure Coding StandardSTR03-CPP. Do not inadvertently truncate a null-terminated character array
ISO/IEC TR 24772:2013String Termination [CJM]
MITRE CWECWE-170, Improper null termination
CWE-464, Addition of data structure sentinel

...