...
| Code Block | ||
|---|---|---|
| ||
char s[3] = "abc"; |
The size of the array s is three, although the size of the string literal is four. If the intention of this code is to initialize a NULLAny subsequent use of the array as a null-terminated byte string , then any subsequent usage of the array is dangerous because the string the array represents does not have a terminating '\0'.
Compliant Solution
This compliant solution uses the appropriate size for initializing a NULL-terminated byte string from the string literal, by accounting for the space needed for the terminating '\0'.
...
| bgColor | #ccccff |
|---|
...
can result in a vulnerability, because the s is not properly null-terminated.
Compliant Solution
This compliant solution uses the array initialization method which does not explicitly describe the sizedoes not specify the dimension of a character array in the array declaration. By omitting the size, the array will automatically be of appropriate length to store the full string literal.
...
STR36-EX1: If the intention is to create only an character array of characters ( and not a NULLnull-terminated byte string) the space for the terminating NULL of a string literal can be omitted. For example, in the non-compliant code above, the assumption was that a NULL-terminated byte string was to be initialized. If the intention was , initializing to fit exactly without a null byte is allowed but not recommended. The preferred approach to create an array containing just the three characters, 'a', 'b', and 'c', then the for example is correct., is to declare each character literal as a separate element as follows:
| Code Block |
|---|
char s[3] = { 'a', 'b', 'c' };
|
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR36-C | high | probable | medium low | P12 P18 | L1 |
Related Vulnerabilities
...