...
The strcpy_s() function defined in C11 Annex K [ISO/IEC 9899:2011] provides additional safeguards, including accepting the size of the destination buffer as an additional argument. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.
...
| CERT C++ Secure Coding Standard | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
| ISO/IEC TR 24772:2013 | String Termination [CJM] |
| MITRE CWE | CWE-170, Improper null termination CWE-464, Addition of data structure sentinel |
Bibliography
| [ | ISO/IEC 9899:2011]Subclause K.3.7.1.3 "The strcpy_s Function" | [Seacord 2013] | Chapter 2, "Strings" |
...