The C standard allows an array variable to be declared both with a dimension index and with an initialization literal. The initialization literal also implies an array size, in the number of elements specified. For strings, the size specified by a string literal is the number of characters in the literal plus one for the terminating null character.
It is common for an array variable to be declared with both a string literal, and a size index which specifies the number of characters in the string literal. This is one too few characters to hold the string, since it does not account for to be initialized using a string literal that fits exactly in the array, not counting the terminating null character. However, this This has limited utility and the potential to cause vulnerabilities when a null-terminated byte string is assumed. Consequently, this practice is disallowed by this Secure Coding standard.
A better approach is to not specify the dimension of a character array string initialized with a string literal, as the compiler will automatically allocate sufficient space for the entire string literal, including the terminating null character.
Initializing an Incidentally, initializing a character array using a string literal to fit exactly without a null byte is not allowed in C++.
...