Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as STR32-CPP. Null-terminate byte strings as required.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.1.1, "Definitions of terms," Section 7.20.3.4 "The realloc function," and Section 7.21, "String handling <string.h>"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "CJM String Termination"
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\] Section 6.7.1.4, "The strncpy_s function"
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 119|http://cwe.mitre.org/data/definitions/119.html], "Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer," [CWE ID 170|http://cwe.mitre.org/data/definitions/170.html], "Improper Null Termination"
\[[Schwarz 05|AA. C References#Schwarz 05]\]
\[[Seacord 05a|AA. C References#Seacord 05]\] Chapter 2, "Strings"
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.14, "Miscalculated NULL termination"

...