...
There are a number of existing libraries available for managing string data; the library selected depends on the approach adopted for managing null-terminated byte strings. The functions defined by C99, Section 7.21, "String handling `<string.h>`" [ISO/IEC 9899:1999], are primarily intended for managing statically allocated strings. However, these functions are problematic because many of them are insufficiently bounded. Consequently, this standard recommends the ISO/IEC TR 24731-1 [ISO/IEC TR 24731-1:2007] functions for use with statically allocated arrays. (See recommendation [STR07-C. Use TR 24731C11 Annex K bounds-checking interfaces for remediation of existing string manipulation code].) These functions provide bounds-checking interfaces to protect against buffer overflows and other runtime constraint violations.
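The difference described above, as an added example that is not part of the original standard's text: `copy_bounded` and `strncpy_leaves_terminator` are hypothetical names, and the inputs are constructed. The wrapper calls `strcpy_s` where the implementation defines `__STDC_LIB_EXT1__`; otherwise it uses a constructed fallback that mirrors only the size check and the empty-string result, not the overlap or `RSIZE_MAX` checks.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* ask for Annex K declarations if offered */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not a standard function). Returns 0 on success.
 * On a violation it returns nonzero and leaves dest as the empty string,
 * which is how strcpy_s reports a source too large for the destination. */
static int copy_bounded(char *dest, size_t destsz, const char *src)
{
#ifdef __STDC_LIB_EXT1__
    set_constraint_handler_s(ignore_handler_s); /* report via return value */
    return strcpy_s(dest, destsz, src);
#else
    /* Constructed fallback for libraries without Annex K (e.g. glibc). */
    size_t n = 0;
    if (dest == NULL || destsz == 0)
        return 1;
    if (src == NULL) {
        dest[0] = '\0';
        return 1;
    }
    while (n < destsz && src[n] != '\0')
        n++;
    if (n == destsz) {          /* src plus terminator does not fit */
        dest[0] = '\0';
        return 1;
    }
    memcpy(dest, src, n + 1);   /* n + 1 <= destsz, terminator included */
    return 0;
#endif
}

/* C99 contrast: strncpy stays inside buf, but writes no terminator when
 * src has sizeof buf or more characters. Returns 1 if buf is terminated. */
static int strncpy_leaves_terminator(const char *src)
{
    char buf[8];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    char name[8];
    int rc = copy_bounded(name, sizeof name, "administrator"); /* constructed input */
    printf("copy_bounded: rc=%d dest=\"%s\"\n", rc, name);
    printf("strncpy terminated: %d\n", strncpy_leaves_terminator("administrator"));
    return 0;
}
```

The bounds-checked copy fails closed with a usable (empty) string and an error code the caller can test, whereas the `strncpy` result must not be passed to any function that expects a terminated string.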
...