Page History

...

The managed string library is based on a dynamic approach in which memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, nullNULL-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null NULL character).

A runtime-constraint violation occurs when memory cannot be allocated. In this way, the managed string library accomplishes the goal of succeeding or failing in a pronounced manner.

...

The following code illustrates how the managed string library can be used to create a managed string and retrieve a nullNULL-terminated byte string from the managed string.

Code Block

errno_t retValue;
char *cstr;  /* pointer to nullNULL-terminated byte string */
string_m str1 = NULL;

retValue = strcreate_m(&str1, "hello, world", 0, NULL);
if (retValue != 0)) {
  fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
}
else { /* retrieve nullNULL-terminated byte string and print */
  retValue = getstr_m(&cstr, str1);
  if (retValue != 0) {
    fprintf(stderr, "error %d from getstr_m.\n", retValue);
  }
  printf("(%s)\n", cstr);
  free(cstr); /* free nullNULL-terminated byte string */
  cstr = NULL;
}

...

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
STR01-A	3 ( high )	2 ( probable )	1 ( high )	P6	L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup

\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <string.h>"
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"

...

Space shortcuts

Page tree

Versions Compared

Old Version 1

New Version 2

Key

Related Vulnerabilities

References