Versions Compared

Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

Code Block
#include <stdio.h>
#include <stdlib.h>
/* string_m, strcreate_m() and getstr_m() are declared by the managed string library */

errno_t retValue;
char *cstr = NULL;  /* pointer to null-terminated byte string */
string_m str1 = NULL;

retValue = strcreate_m(&str1, "hello, world", 0, NULL);
if (retValue != 0) {
  fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
}
else { /* retrieve null-terminated byte string and print */
  retValue = getstr_m(&cstr, str1);
  if (retValue != 0) {
    fprintf(stderr, "error %d from getstr_m.\n", retValue);
  }
  else { /* use cstr only when getstr_m succeeded */
    printf("(%s)\n", cstr);
    free(cstr); /* free null-terminated byte string */
    cstr = NULL;
  }
}

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR01-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Burch 06]
[CERT 06]
[ISO/IEC 9899-1999] Section 7.21, "String handling <string.h>"
[Seacord 05a] Chapter 2, "Strings"