...
The managed string library is based on a dynamic approach in that memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null character).
A runtime-constraint violation occurs when memory cannot be allocated. In this way, the managed string library accomplishes the goal of succeeding or failing loudly.
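The dynamic approach described above, reduced to a single append operation, as an added example that is not the managed string library's own code. The `dynstr` type, `dynstr_append`, `dynstr_free` and the `max` limit are hypothetical names; the limit is an assumption that makes the failure path reproducible.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example; it is not the library's string_m. */
typedef struct {
    char  *buf;  /* NULL, or a null-terminated buffer of cap bytes */
    size_t len;  /* string length, excluding the terminator */
    size_t cap;  /* bytes allocated, including the terminator */
    size_t max;  /* assumed limit on cap (0 = none); makes failure testable */
} dynstr;

/* Append src (must not point into s->buf) to s, growing s as required.
 * Returns 0, or an error code with s unchanged: never a truncated copy. */
int dynstr_append(dynstr *s, const char *src)
{
    if (s == NULL || src == NULL) return EINVAL;
    size_t add = strlen(src);
    if (add >= SIZE_MAX - s->len) return ENOMEM;   /* len + add + 1 would wrap */
    size_t need = s->len + add + 1;                /* room for the terminator */
    if (s->max != 0 && need > s->max) return ENOMEM;
    if (need > s->cap) {
        size_t cap = s->cap ? s->cap : 16;
        while (cap < need)                         /* geometric growth */
            cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        if (s->max != 0 && cap > s->max) cap = s->max;
        char *p = realloc(s->buf, cap);
        if (p == NULL) return ENOMEM;              /* old buffer is still valid */
        s->buf = p;
        s->cap = cap;
    }
    memcpy(s->buf + s->len, src, add + 1);         /* copies the terminator too */
    s->len += add;
    return 0;
}

void dynstr_free(dynstr *s) { free(s->buf); s->buf = NULL; s->len = s->cap = 0; }

int main(void)
{
    dynstr s = { .max = 8 };                       /* constructed limit */
    int first = dynstr_append(&s, "1234567");      /* fits exactly */
    int second = dynstr_append(&s, "8");           /* would exceed the limit */
    printf("%d %d (%s)\n", first, second == ENOMEM, s.buf ? s.buf : "");
    dynstr_free(&s);
    return 0;
}
```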
...
The following code illustrates how the managed string library can be used to create a managed string and retrieve a null-terminated byte string from the managed string.

```c
/* Fragment: requires <stdio.h>, <stdlib.h> and the managed string library's header. */
errno_t retValue;
char *cstr = NULL;  /* pointer to null-terminated byte string */
string_m str1 = NULL;

if ((retValue = strcreate_m(&str1, "hello, world", 0, NULL)) != 0) {
  fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
} else {
  /* retrieve null-terminated byte string and print */
  if ((retValue = getstr_m(&cstr, str1)) != 0) {
    fprintf(stderr, "error %d from getstr_m.\n", retValue);
  } else {
    printf("(%s)\n", cstr);  /* use cstr only when getstr_m succeeded */
    free(cstr);  /* free null-terminated byte string */
  }
}
```
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.