Non-Compliant Code Example
These two lines of code assume that gets() will not read more than BUFSIZ characters from stdin. This is an invalid assumption, and the resulting operation can result in a buffer overflow.
...
Null-terminated byte strings are, by definition, null-terminated. String operations cannot determine the length or end of strings that are not properly null-terminated, which can consequently result in buffer overflows and other undefined behavior.
Non-Compliant Code Example
The standard functions strncpy() and strncat() do not guarantee that the resulting string is null-terminated. If there is no null character in the first n characters of the source array, the result is not null-terminated, as in the following example:
...
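The strncpy() behavior described above, shown as an added example that is not part of the original page: a constructed 8-byte destination is filled with non-null bytes, one helper reports whether strncpy() left it without a terminator, and copy_bounded() (a hypothetical name) is the hardened form that bounds the copy and terminates explicitly.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8 /* constructed, deliberately small destination */

/* Returns 1 when strncpy() leaves no '\0' anywhere in the destination,
 * which happens whenever src has no null within its first BUF_SIZE bytes. */
int strncpy_leaves_unterminated(const char *src) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);  /* non-null fill makes a missing terminator visible */
    strncpy(buf, src, sizeof buf); /* the pattern the text warns about */
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Hardened copy: bound the copy to dst_size - 1 bytes and terminate explicitly. */
void copy_bounded(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) {
        return;
    }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

/* Length of the string copy_bounded() produces for src; strlen() is safe here
 * because copy_bounded() always terminates the destination. */
size_t copy_bounded_len(const char *src) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);
    copy_bounded(buf, sizeof buf, src);
    return strlen(buf);
}

int main(void) {
    const char *longer = "this string is longer than the buffer"; /* constructed input */
    printf("strncpy left buffer unterminated: %d\n", strncpy_leaves_unterminated(longer));
    printf("bounded copy length: %zu\n", copy_bounded_len(longer));
    return 0;
}
```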