...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Mitigation Strategies

(Section under construction by Ciera. Just wanted to get some current notes down here before I clean it up.)

Static Analysis

We can catch these with a local flow analysis. We will assume an integer range analysis to track the length of the strings. (Note: I am not entirely familiar with the literature on buffer-overflow analysis, but we should check that none of them already handle this scenario.)

...