Versions Compared

...

#include <string.h>

char msg[100];
/* ... */
void report_error(const char *error_msg) {
  char msg[80]; /* shadows the global msg[100]; sizeof(msg) is 80 in this scope */
  /* ... */
  /* Assume error_msg isn't too long */
  strcpy(msg, error_msg);
  return;
}

int main(void) {
  char error_msg[256] = ""; /* populated elsewhere; declared here so the example builds */
  /* ... */
  /* Ensure error_msg isn't too long */
  /* msg here is the global msg[100], so sizeof(msg) is 100, not 80 */
  if (strlen(error_msg) >= sizeof(msg)) {
    error_msg[sizeof(msg) - 1] = '\0';
  }
  report_error(error_msg); /* oops! */
  /* ... */
  return 0;
}

Furthermore, if the null-terminated byte string referenced by error_msg is longer than 79 characters, a stack buffer overflow occurs in report_error(), which may be exploitable. This happens in spite of the caller's attempt to prevent it: the sizeof(msg) check in main() refers to the 100-byte global msg, while the strcpy() in report_error() writes into the 80-byte local msg that shadows it, so a message of 80 to 99 characters passes the check and still overflows.
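The same routine written so that the local buffer has its own name and enforces its own bound, added here as an example (not the original page's code; report_error_safe, ERR_BUF_SIZE and the sample messages are names and values chosen for this illustration):

```c
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 80

/* Copy error_msg into out (out_size bytes), truncating if necessary.
   Returns 1 if the whole message fit, 0 if it was truncated.
   The callee, not the caller, enforces the bound of its own buffer. */
int report_error_safe(const char *error_msg, char *out, size_t out_size) {
  size_t len = strlen(error_msg);
  if (out_size == 0) {
    return 0;
  }
  if (len >= out_size) {
    memcpy(out, error_msg, out_size - 1);
    out[out_size - 1] = '\0';
    return 0;
  }
  memcpy(out, error_msg, len + 1);
  return 1;
}

/* err_buf is a distinct identifier, so no outer-scope name is shadowed
   and sizeof(err_buf) means the same thing everywhere it is used. */
int report_error(const char *error_msg) {
  char err_buf[ERR_BUF_SIZE];
  int fit = report_error_safe(error_msg, err_buf, sizeof err_buf);
  fprintf(stderr, "error: %s%s\n", err_buf, fit ? "" : " [truncated]");
  return fit;
}

int main(void) {
  char long_msg[120]; /* constructed sample: 119 'A's, longer than either buffer */
  memset(long_msg, 'A', sizeof long_msg - 1);
  long_msg[sizeof long_msg - 1] = '\0';
  report_error("disk full"); /* fits: returns 1 */
  report_error(long_msg);    /* truncated to 79 characters, no overflow: returns 0 */
  return 0;
}
```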

...

References

[ISO/IEC 9899-1999] Section 5.2.4.1, "Translation limits"
[ISO/IEC PDTR 24772] "YOW Identifier name reuse"
[MISRA 04] Rule 5.2

...