...
The following code shows how the managed string library can be used to create a managed string and retrieve a null-terminated byte string from the managed string.:
| Code Block |
|---|
errno_t retValue;
char *cstr; /* pointer to null-terminated byte string */
string_mx *str1 = NULL;
retValue = strcreate_m(&str1, "hello, world", 0, NULL);
if (retValue != 0) {
fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
}
else { /* retrieve null-terminated byte string and print */
retValue = getstr_m(&cstr, str1);
if (retValue != 0) {
fprintf(stderr, "error %d from getstr_m.\n", retValue);
}
printf("(%s)\n", cstr);
free(cstr); /* free null-terminated byte string */
cstr = NULL;
}
|
...
String-handling functions defined in the C Standard, section Section 7.24 [ISO/IEC 9899:2011], and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.
...