...

Code Block

#include <stdlib.h>
#include <string.h>

char copy[16];

/* getenv() may return a string of any length; copying it into a
   fixed 16-byte buffer overflows copy when the value is longer than
   15 characters (this is the flaw the page is illustrating) */
char *temp = getenv("TEST_ENV");
if (temp != NULL) {
  strcpy(copy, temp);
}

...

Use the strlen() function to calculate the size of the string and dynamically allocate the required space.

Code Block

#include <stdlib.h>
#include <string.h>

char *copy = NULL;

char *temp = getenv("TEST_ENV");
if (temp != NULL) {
  /* size the destination from the actual value, plus one byte for the
     null terminator; the caller is responsible for free()ing copy */
  copy = (char *)malloc(strlen(temp) + 1);
  if (copy != NULL) {
    strcpy(copy, temp);
  }
  else {
    /* handle error condition */
  }
}
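The following is an added example written for this page; it is not code from the CERT page or from the C standard library. It packages the recommendation above (size the allocation from strlen() at run time) into a reusable function, and goes one step further with a second function that copies into a caller-supplied fixed buffer only after verifying that the value and its null terminator fit, refusing oversized values instead of overflowing. The function names env_dup and env_copy_bounded, the buffer size 16 and the environment variable name TEST_ENV are assumptions chosen for the example; the functions take the value string as a parameter so they can be exercised with constructed inputs, and main() shows them applied to getenv().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strategy 1 (the page's recommendation): allocate exactly strlen()+1
   bytes at run time. Returns a heap copy the caller must free(), or
   NULL when value is NULL or the allocation fails. */
char *env_dup(const char *value) {
  if (value == NULL) {
    return NULL;
  }
  size_t len = strlen(value);
  char *copy = malloc(len + 1);          /* +1 for the null terminator */
  if (copy == NULL) {
    return NULL;                         /* allocation failure reported to caller */
  }
  memcpy(copy, value, len + 1);          /* copies the terminator too */
  return copy;
}

/* Strategy 2: when a fixed buffer is unavoidable, check the length first.
   Returns 0 on success and -1 when value is NULL or would not fit
   (len + terminator must be <= dstsize); dst is an empty string on failure,
   so it is never left unterminated or partially filled. */
int env_copy_bounded(const char *value, char *dst, size_t dstsize) {
  if (dst == NULL || dstsize == 0) {
    return -1;
  }
  dst[0] = '\0';
  if (value == NULL) {
    return -1;
  }
  size_t len = strlen(value);
  if (len >= dstsize) {
    return -1;                           /* no room for len chars plus '\0' */
  }
  memcpy(dst, value, len + 1);
  return 0;
}

int main(void) {
  char fixed[16];                        /* assumed buffer size, as on the page */
  const char *temp = getenv("TEST_ENV"); /* may be absent or of any length */

  char *heap = env_dup(temp);
  if (heap != NULL) {
    printf("dynamic copy: \"%s\" (%zu bytes allocated)\n", heap, strlen(heap) + 1);
    free(heap);
  } else {
    printf("TEST_ENV is unset or the allocation failed\n");
  }

  if (env_copy_bounded(temp, fixed, sizeof fixed) == 0) {
    printf("bounded copy: \"%s\"\n", fixed);
  } else {
    printf("TEST_ENV is unset or longer than %zu characters; copy refused\n",
           sizeof fixed - 1);
  }
  return 0;
}
```

Running the program with TEST_ENV set to a value of 16 or more characters shows the difference between the two strategies: env_dup still returns the complete value, while env_copy_bounded reports -1 and leaves the 16-byte buffer empty rather than writing past its end.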

...

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
ENV01-A          high       likely       low                P27        L1

Automated Detection

The tool Compass/ROSE can detect violations of this rule by using the same method as STR31-C, Guarantee that storage for strings has sufficient space for character data and the null terminator.

...