...
An exception to this rule applies if the intent of the programmer was to intentionally truncate the null-terminated byte string. To be compliant with this standard, this intent must be clearly stated in comments.
Priority: P2 Level: L3
Truncating strings can lead to a loss of data and, in some cases, exploitable vulnerabilities.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR34-C | |||||
Component | Value | ||||
Severity | 1 (low) Likelihood | 1 (unlikely) Remediation cost | 2 (medium) | P2 | L3 |
References
- ISO/IEC 9899-1999 Section 7.21 String handling <string.h>
- Seacord 05a Chapter 2 Strings
- ISO/IEC TR 24731-2006