...

A good example is the null-terminated byte string type in C. If a string lacks the terminating null character, the program may be tricked into accessing storage after the string as legitimate data. This may cause a program to process a string that it should not, which might be a security flaw in itself. It may also cause the program to abort, which might be exploited as a denial-of-service attack.
Also note that the emphasis is not to produce unterminated strings.
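The following C sketch is an added example, not code from the CERT rule itself: it checks for a terminator inside the known bounds of a buffer before the buffer is treated as a string. The function names `is_terminated`, `copy_terminated` and `unterminated_field_is_rejected`, and the sample data, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1 if buf[0..size-1] holds a terminating null, else 0. Never reads past size. */
int is_terminated(const char *buf, size_t size) {
    return buf != NULL && size > 0 && memchr(buf, '\0', size) != NULL;
}

/* Copy src into dst only if src is a real string within src_size bytes and
 * fits in dst with its terminator. dst is always left terminated.
 * Returns 0 on success, -1 on rejection. */
int copy_terminated(char *dst, size_t dst_size, const char *src, size_t src_size) {
    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (src == NULL || src_size == 0) return -1;
    const char *end = memchr(src, '\0', src_size);
    if (end == NULL) return -1;               /* no terminator: not a string */
    size_t len = (size_t)(end - src);
    if (len >= dst_size) return -1;           /* refuse to truncate silently */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed input: an 8-byte field completely filled, so no null is stored.
 * strncpy(field, src, 8) with an 8+ character src leaves the same state. */
int unterminated_field_is_rejected(void) {
    char field[8], out[16];
    memcpy(field, "ABCDEFGH", sizeof field);
    /* strlen(field) here would read past the array: undefined behavior. */
    return !is_terminated(field, sizeof field)
        && copy_terminated(out, sizeof out, field, sizeof field) == -1
        && out[0] == '\0';
}

int main(void) {
    char out[16];
    printf("unterminated rejected: %d\n", unterminated_field_is_rejected());
    printf("valid copy rc: %d\n", copy_terminated(out, sizeof out, "abc", 4));
    printf("out: %s\n", out);
    return 0;
}
```

Passing the buffer size alongside the pointer is what lets the callee verify the string property instead of assuming it.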

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the CERT C++ Secure Coding Standard as API07-CPP. Enforce type safety.

Bibliography

[ISO/IEC 9899:1999] Section 7.21, "String handling <string.h>"

[ISO/IEC PDTR 24772] "CJM String Termination"

[ISO/IEC TR 24731-1:2007] Section 6.7.1.4, "The strncpy_s function"

...
