...
```c
char msg[100];
/* ... */
void error_message(char *error_msg) {
  char msg[80];
  /* ... */
  /* error_msg is assumed to reference a NTBS of length 99 or less */
  errno_t e = strcpy_s(msg, sizeof(msg), error_msg);
  if (e != 0) {
    /* handle strcpy_s() error */
  }
}
```
This code fixes one of the two problems from the previous non-compliant code example: it eliminates the possibility of buffer overflow because both references to `msg` in the `strcpy_s()` call refer to the `msg[80]` defined in the subscope. The initial problem remains: the value of the outer `msg` variable is not changed. The call to `strcpy_s()` will also fail if the null-terminated byte string referenced by `error_msg` is longer than 79 characters.
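The two remaining behaviours can be observed directly. This is an added example, not code from the original page: `bounded_copy()` is a hypothetical stand-in for `strcpy_s()` (Annex K is optional and absent from many C libraries), and the helper names `copy_of_length()` and `outer_untouched_after_call()` are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

char msg[100];                    /* file-scope buffer, as on the page */

/* Hypothetical stand-in for strcpy_s(): returns 0 on success, nonzero
 * (leaving dest empty) when src plus its terminator does not fit. */
static int bounded_copy(char *dest, size_t destsz, const char *src) {
  size_t len = strlen(src);
  if (len >= destsz) {            /* no room for the null terminator */
    if (destsz > 0) dest[0] = '\0';
    return 1;
  }
  memcpy(dest, src, len + 1);
  return 0;
}

/* Same shape as the function above: the local msg[80] hides the outer msg. */
int error_message_shadowed(const char *error_msg) {
  char msg[80];
  return bounded_copy(msg, sizeof(msg), error_msg);
}

/* Builds a constructed input of n characters and returns the copy result. */
int copy_of_length(size_t n) {
  char input[100];
  if (n >= sizeof(input)) return -1;
  memset(input, 'A', n);
  input[n] = '\0';
  return error_message_shadowed(input);
}

/* Returns 1 if the file-scope msg is unchanged after a successful call. */
int outer_untouched_after_call(void) {
  strcpy(msg, "initial");         /* here msg is the file-scope buffer */
  if (error_message_shadowed("disk full") != 0) return 0;
  return strcmp(msg, "initial") == 0;
}

int main(void) {
  printf("79 chars: rc=%d\n", copy_of_length(79));
  printf("80 chars: rc=%d\n", copy_of_length(80));
  printf("99 chars: rc=%d\n", copy_of_length(99));
  printf("outer msg untouched: %d\n", outer_untouched_after_call());
  return 0;
}
```

Compiling with `-Wshadow` on GCC or Clang reports the inner `msg` declaration, which catches this class of mistake at build time.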
Compliant Solution
This compliant solution uses different, more descriptive variable names. It also uses `strcpy_s()`.
...