SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 55

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

Wiki Markup
Copying data in to a buffer that is not large enough to hold that data results in a buffer overflow. While not limited to Null Terminated Byte Strings (NTBS), this type of error often occurs when manipulating NTBS data. To prevent such errors, limit copies either through truncation (although consult \[[STR03-A. Do not inadvertently truncate a nullNULL terminated byte string]] for problems that may cause) or, preferably, ensure that the destination is of sufficient size to hold the character data to be copied and the nullNULL-termination character.

Include Page
c:STR31 NCCE off-by-1
c:STR31 NCCE off-by-1

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 7, "Program Building Blocks" (Loop Constructs 327-336)
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.1.1, "Definitions of terms," Section 7.21, "String handling <string.h>," Section 5.1.2.2.1, "Program startup," and Section 7.20.4.5, "The getenv function"
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 2, "Strings"
[Vulnerabilities|http://www.kb.cert.org/vulnotes/byid?searchview&query=cert-seccode:STR31-C]