Non-Compliant Code Example 1

These two lines of code assume that gets() will not read more than BUFSIZ characters from stdin. This is an invalid assumption, and the resulting operation can result in a buffer overflow.

Code Block

    #include <stdio.h>

    char buf[BUFSIZ + 1];
    gets(buf);   /* no bound is passed: input longer than BUFSIZ overruns buf */

Non-Compliant Code Example 2

The standard functions strncpy() and strncat() do not guarantee that the resulting string is null-terminated. If there is no null character in the first n characters of the source array, the result is not null-terminated, as in the following example:

...
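The following is an added illustration, not code from the CERT page: it makes the strncpy() behaviour described above observable (a source of length n or more leaves no terminator in an n-byte destination) and pairs it with a bounded copy that always terminates. The function names, DEST_SIZE and the sample strings are assumptions chosen for the demonstration.

```c
#include <string.h>

/* Added example, not part of the original page. Names are illustrative. */
#define DEST_SIZE 8

/* Copies src into an 8-byte buffer with a plain strncpy() and reports
 * whether the buffer ended up containing a null byte at all.
 * Returns 1 if a terminator is present, 0 if strncpy() wrote none. */
int strncpy_is_terminated(const char *src) {
    char dest[DEST_SIZE];
    memset(dest, 'X', sizeof dest);        /* poison so a missing NUL is visible */
    strncpy(dest, src, sizeof dest);       /* writes no NUL when strlen(src) >= DEST_SIZE */
    return memchr(dest, '\0', sizeof dest) != NULL;
}

/* Compliant pattern: bound the copy to dest_size - 1 and terminate
 * explicitly, truncating the source if it does not fit.
 * Returns the number of characters stored, excluding the terminator. */
size_t safe_copy(char *dest, size_t dest_size, const char *src) {
    if (dest_size == 0) {
        return 0;                          /* nothing can be written safely */
    }
    strncpy(dest, src, dest_size - 1);
    dest[dest_size - 1] = '\0';            /* terminator is guaranteed here */
    return strlen(dest);
}
```

Running strncpy_is_terminated("abcdefgh") returns 0: the eight source characters fill the destination and no terminator is written, which is exactly the condition the text warns about.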