...
Reusing variable names leads to programmer confusion about which variable is being modified. Additionally, if variable names are reused, generally one or both of the variable names are too generic.
Non-Compliant Code Example (strpcy())
In this non-compliant code example, the programmer sets the value of the msg variable, expecting to reuse it outside the block. Due to the reuse of the variable name, however, the outside msg variable value is not changed.
...
Furthermore, if the length of the null-terminated byte string referenced by error_msg is greater than 79 characters in length, a buffer overflow will occur on the stack, which may be exploitable.
Non-Compliant Code Example (strcpy_s())
| Wiki Markup |
|---|
In this non-compliant code example, the call to {{strpcy()}} has been replaced with a call to {{strcpy_s()}}. See \[[STR00-A. Use TR 24731 for remediation of existing string manipulation code]]. |
...