...
This solution requires that string_data is null-terminated; that is, a null byte can be found within the bounds of the referenced character array. Otherwise, strlen() will stray into other objects before finding a null byte.
Compliant Solution (
...
strcpy_s(), C11 Annex K)
The strcpy_s() function defined in Extensions to the C Library—Part I C11 Annex K [ISO/IEC TR 24731-1:20079899:2011], which provides additional safeguards, including accepting the size of the destination buffer as an additional argument. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.
...
If a runtime-constraint error is detected by either the call to strnlen_s() or strcpy_s(), the currently registered runtime-constraint handler is invoked. See ERR03-C. Use runtime-constraint handlers when calling the bounds-checking interfaces for more information on using runtime-constraint handlers with TR 24731-1 C11 Annex K functions.
Exceptions
STR03-EX1: The intent of the programmer is to intentionally truncate the null-terminated byte string.
...
| CERT C++ Secure Coding Standard | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
| ISO/IEC TR 24731-1:2007 9899:2011 | K.3.7.1.3 The strcpy_s Function |
| ISO/IEC TR 24772:2013 | String Termination [CJM] |
| MITRE CWE | CWE-170, Improper null termination CWE-464, Addition of data structure sentinel |
...