Do not initialize an array of characters using a string literal with more characters (including the '\0') than the array. ThereforeConsequently, it is necessary to specify the correct size of a string literal (char s4 = "abc"
.
Non-Compliant Code Example
...
The size of the array is three, although the size of the string literal is 4.
Compliant Solution
...
This compliant solution uses the the initialization method of not describing the size, because the result of the expectation always can be obtained even if the size of the string literal is changed,
| Code Block | ||
|---|---|---|
| ||
char s[4] = "abc"; |
Compliant Solution
This compliant solution uses the the initialization method of not describing the size.
| Code Block | ||
|---|---|---|
| ||
char s[] = "abc";
|
This is the preferred approach, because the result of the expectation always can be obtained even if the size of the string literal is changed.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR09-A | high | probable | medium | P12 | L1 |
...