...
Wiki Markup |
---|
The {{strlen()}} function can be used to determine the length of the strings referenced by {{argv\[0\]}} through {{argv\[argc-1\]}} so that adequate memory can be dynamically allocated:. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null. |
Code Block |
---|
|
int main(int argc, char *argv[]) {
/* ... Be prepared for argv[0] to be null */
const char* const name = argv[0] ? argv[0] : "";
char *prog_name = (char *)malloc(strlen(argv[0]name) + 1);
if (prog_name != NULL) {
strcpy(prog_name, argv[0]name);
}
else {
/* Couldn'tFailed getto theallocate memory - recover */
}
/* ... */
}
|
...
Compliant Solution (argv
) (strcpy_s()
)
Wiki Markup |
---|
The {{strcpy_s()}} function provides additional safeguards, including accepting the size of the destination buffer as an additional argument (see [STR07-C. Use TR 24731 for remediation of existing string manipulation code |
). Code Block |
---|
|
int main(int argc, char *argv[]) {
/* ... */
char * prog_name;
size_t prog_size;
prog_size = strlen(argv[0])+1;
prog_name = (char *)malloc(prog_size);
if (prog_name != NULL) {
if (strcpy_s(prog_name, prog_size, argv[0])) {
/* Handle strcpy_s() error */
}
}
else {
/* Couldn't get the memory - recover */
}
/* ... */
}
|
The strcpy_s()
function can be used to copy data to or from dynamically allocated memory or a statically allocated array. If insufficient space is available strcpy_s()
returns an error.
Compliant Solution (argv
) (memcpy()
)
|STR07-C. Use TR 24731 for remediation of existing string manipulation code]). Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null. |
Code Block |
---|
|
int main(int argc, char *argv[]) {
/* Be prepared for argv[0] to be null */
const char* const name = argv[0] ? argv[0] : "";
char * prog_name;
size_t prog_size;
prog_size = strlen(name) + 1;
prog_name = (char *)malloc(prog_size);
if (prog_name != NULL) {
if (strcpy_s(prog_name, prog_size, name)) {
/* Handle strcpy_s() error */
}
}
else {
/* Failed to allocate memory - recover */
}
/* ... */
}
|
The strcpy_s()
function can be used to copy data to or from dynamically allocated memory or a statically allocated array. If insufficient space is available strcpy_s()
returns an error.
Compliant Solution (argv
) (memcpy()
)
Wiki Markup |
---|
The C standard {{memcpy()}} function provide a similar capability to {{strcpy_s()}}, but is universally available. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null. Note also that {{memcpy}} must not be called with a null pointer even when the second (size) argument is zero |
The C standard memcpy()
function provide a similar capability to strcpy_s()
, but is universally available Code Block |
---|
|
int main(int argc, char *argv[]) {
/* ... */
/* Be prepared for argv[0] to be null */
const char* const name = argv[0] ? argv[0] : "";
char *prog_name;
size_t prog_size;
prog_size = strlen(argv[0]name) + 1;
prog_name = (char *)malloc(prog_size);
if (prog_name != NULL) {
memcpy(prog_name, argv[0]name, prog_size);
}
else {
/* Couldn'tFailed getto theallocate memory - recover */
}
/* ... */
}
|
...
Compliant Solution (argv
)
Wiki Markup |
---|
If an argument is not going to be modified or concatenated, there is no reason to make a copy of the string. Not copying a string is the best way to prevent a buffer overflow, and is |
the best way to prevent a buffer overflow, and is also the most efficient solution also the most efficient solution. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null. |
Code Block |
---|
|
int main(int argc, char *argv[]) {
/* ... Be prepared for argv[0] to be null */
const char *prognameprog_name = argv[0] ? argv[0] : "";
size_t prog_size;
/* ... */
}
|
...
Code Block |
---|
|
/* ... */
char *buff;
char *editor = getenv("EDITOR");
if (editor == NULL) {
/* EDITOR environment variable not set */
} else {
size_t len = strlen(editor)+1;
buff = (char *)malloc(len);
if (buff == NULL) {
/* Handle malloc() Errorerror */
}
memcpy(buff, editor, len);
}
/* ... */
|
...