...
These function truncate strings that exceed the specified limits. Additionally, some functions such as strncpy() do not guarantee that the resulting string is null-terminated STR33-C.
Truncation results in a loss of data, and in some cases, leads to software vulnerabilities.
Non-Compliant Code Example
The standard function strncpy() and strncat() copy a specified number n characters from a source string to a destination array. If there is no null character in the first n characters of the source array the result is not be null-terminated and any remaining charactes are truncated
| Code Block |
|---|
char *string_data; char a[16]; ... strncpy(a, string_data, sizeof(a)); |
Compliant Solution
Truncation resulting from a string copy operation should be treated as an error condition.
| Code Block |
|---|
#define A_SIZE 16 char *string_data; size_t string_len; char a[16A_SIZE]; ... if (!string_data) { if (strlen(astring_data) < sizeof(a))A_SIZE) { strcpy(a, string_data); } else { /* handle errorstring too large condition */ } } else { /* handle null errorstring condition */ } |
Compliant Solution 2
Example using strcpy()
Compliant Solution 3
Example using strncpy_s()
Exception
An exception to this rule applies if the intent of the programmer was to convert a intentionally truncate the null-terminated byte string to a character array. To be compliant with this standard, this intent must be made clear statement in comments.
References
- ISO/IEC 9899-1999 7.21.2.4 The strncpy function
- ISO/IEC 9899-1999 7.21.3.2 The strncat function
- SAMATE Reference Dataset Test Case ID 000-000-004