Page History

This noncompliant code example demonstrates what is commonly referred to as an _off-by-one_ error \[[Dowd 06|AA. References#DowdBibliography#Dowd 06]\]. The loop copies data from {{src}} to {{dest}}. However, the null terminator may incorrectly be written one byte past the end of {{dest}} because the loop does not account for the null-termination character that must be appended to {{dest}}. 

\[[Dowd 06|AA. References#DowdBibliography#Dowd 06]\] Chapter 7, "Program Building Blocks" (Loop Constructs 327-336)
\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.1.1, "Definitions of terms," Section 7.21, "String handling <string.h>," Section 5.1.2.2.1, "Program startup," and Section 7.20.4.5, "The getenv function"
\[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "CJM String Termination," "XYW Buffer Overflow in Stack", and "XYB Buffer Overflow in Heap"
\[[MITRE|AA. References#MITREBibliography#MITRE]\] [CWE ID 119|http://cwe.mitre.org/data/definitions/119.html], "Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer"
\[MITRE\] [CWE ID 120|http://cwe.mitre.org/data/definitions/120.html], "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
\[MITRE\] [CWE ID 193|http://cwe.mitre.org/data/definitions/193.html], "Off-by-one Error"
\[[Seacord 05a|AA. References#SeacordBibliography#Seacord 05]\] Chapter 2, "Strings"
\[[xorl 2009|AA. References#xorlBibliography#xorl 2009]\] ["FreeBSD-SA-09:11: NTPd Remote Stack Based Buffer Overflows"|http://xorl.wordpress.com/2009/06/10/freebsd-sa-0911-ntpd-remote-stack-based-buffer-overflows/]