...

The technical report ISO/IEC TR 24731-2 [ISO/IEC TR 24731-2:2010] also provides an API that dynamically allocates the results of string functions as needed.

...

String-handling functions defined in the C Standard, Section 7.24 [ISO/IEC 9899:2011], and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.
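The managed-string idea in practice, as an added example written for this page (it is not code from the CERT standard, the Burch or Seacord managed-string library, or the TR 24731-2 API): a minimal string type that owns its buffer and tracks length and capacity, so an append grows the allocation instead of relying on the caller to have sized a fixed array correctly, which is the bookkeeping that `strcat()` and `strcpy()` leave to the caller.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical managed string: owns its buffer, tracks length and capacity. */
typedef struct {
    char  *data; /* NUL-terminated, or NULL after a failed init or free */
    size_t len;  /* bytes in use, excluding the terminator */
    size_t cap;  /* bytes allocated, including the terminator */
} mstr;
/* Start with a deliberately small buffer so growth is exercised. Returns 0 on success. */
int mstr_init(mstr *s) {
    s->len = 0; s->cap = 16;
    s->data = malloc(s->cap);
    if (s->data == NULL) { s->cap = 0; return -1; }
    s->data[0] = '\0';
    return 0;
}
/* Append src, growing the buffer as needed. Returns 0, or -1 on size_t
 * overflow or allocation failure, leaving the existing contents intact. */
int mstr_append(mstr *s, const char *src) {
    size_t n = strlen(src);
    if (s->data == NULL || n > SIZE_MAX - s->len - 1) return -1;
    if (s->len + n + 1 > s->cap) {
        size_t newcap = s->cap;
        while (newcap < s->len + n + 1) {
            if (newcap > SIZE_MAX / 2) return -1;
            newcap *= 2;
        }
        char *p = realloc(s->data, newcap);
        if (p == NULL) return -1;
        s->data = p;
        s->cap = newcap;
    }
    memcpy(s->data + s->len, src, n + 1); /* copies the terminator as well */
    s->len += n;
    return 0;
}
void mstr_free(mstr *s) { free(s->data); s->data = NULL; s->len = s->cap = 0; }
/* Appends 100 bytes in 10 steps. With a fixed char buf[16] and strcat() this
 * loop would overflow; here the buffer grows to 128 bytes. Returns 100, or 0 on failure. */
size_t demo_length(void) {
    mstr s;
    if (mstr_init(&s) != 0) return 0;
    for (int i = 0; i < 10; i++)
        if (mstr_append(&s, "0123456789") != 0) { mstr_free(&s); return 0; }
    size_t len = s.len;
    mstr_free(&s);
    return len;
}
```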

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC 9899:2011 Section 7.24, "String handling <string.h>"

Bibliography

[Burch 2006]
[CERT 2006c]
[Seacord 2005a] Chapter 2, "Strings"


...