...
The size of the array s is three, although the size of the string literal is four. Any subsequent use of the array as a null-terminated byte string can result in a vulnerability, because s is not properly null-terminated. (See rule STR32-C. Null-terminate byte strings as required.)
Implementation Details
...