...

In this compliant solution, the while loop in the GetMachineName() function is bounded so that the loop terminates when a backslash character is found, the null termination character (L'\0') is discovered, or the end of the buffer is reached. This code does not result in a buffer overflow, even if no backslash character is found in wszMachineName.
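The three stop conditions described above, shown in a portable form as an added example (it is not the code from the original page). The names get_machine_name and NAME_CAPACITY, the buffer size, and the \\machine\share input form are assumptions; wchar_t stands in for the Windows WCHAR type.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Hypothetical capacity for this example; not a value from the page. */
#define NAME_CAPACITY 16

/* Copy the machine name out of a path assumed to look like \\machine\share.
 * out_len counts wide characters, including the terminator.
 * Returns the name length, or -1 for bad arguments, a missing leading
 * backslash pair, or a name that was cut off at the end of the buffer. */
int get_machine_name(const wchar_t *path, wchar_t *out, size_t out_len)
{
    if (path == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = L'\0';
    /* path[1] is read only when path[0] is a backslash, so never past L'\0'. */
    if (path[0] != L'\\' || path[1] != L'\\')
        return -1;

    const wchar_t *src = path + 2;
    wchar_t *dst = out;
    wchar_t *end = out + out_len - 1;   /* last slot is kept for L'\0' */

    /* Stop on a backslash, on the terminator, or at the end of the buffer. */
    while (*src != L'\\' && *src != L'\0' && dst < end)
        *dst++ = *src++;
    *dst = L'\0';

    /* Input still has name characters left: the buffer was too small. */
    if (*src != L'\\' && *src != L'\0')
        return -1;
    return (int)(dst - out);
}

int main(void)
{
    wchar_t name[NAME_CAPACITY];
    /* Constructed inputs: a normal path, then an over-long name with no
     * backslash, which the unbounded loop would copy past the buffer. */
    printf("%d\n", get_machine_name(L"\\\\host1\\share", name, NAME_CAPACITY));
    printf("%d\n", get_machine_name(L"\\\\aaaaaaaaaaaaaaaaaaaaaaaa", name,
                                    NAME_CAPACITY));
    return 0;
}
```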

...

Noncompliant Code Example (Null Pointer Arithmetic)

This noncompliant code example is similar to an Adobe Flash Player vulnerability that was first exploited in 2008. This code allocates a block of memory and initializes it with some data. The data does not belong at the beginning of the block, which is left uninitialized. Instead, it is placed offset bytes within the block. The function ensures that the data fits within the allocated block.

...