...
In this noncompliant example, the call to fscanf() can result in a write outside the character array buf:

```c
#include <stdio.h>

enum { BUF_LENGTH = 1024 };

void get_data(void) {
  char buf[BUF_LENGTH];
  /* Noncompliant: %s has no field width, so input length is unbounded */
  fscanf(stdin, "%s", buf);
  /* rest of function */
}
```
...
In this compliant solution, the call to fscanf() is constrained not to overflow buf:

```c
#include <stdio.h>

enum { BUF_LENGTH = 1024 };

void get_data(void) {
  char buf[BUF_LENGTH];
  /* Width is BUF_LENGTH - 1: %s also stores a terminating null byte */
  fscanf(stdin, "%1023s", buf);
  /* rest of function */
}
```
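The field width given to `%s` counts the characters stored and does not include the terminating null byte, so it has to be at most one less than the array size. The following added example (not part of the original page) derives the width from the buffer size and reports when input was longer than the buffer; `read_token`, `run_case` and their return codes are hypothetical names, and the inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the original page: read one whitespace-
 * delimited token into buf without writing more than size bytes.
 * Returns the stored length, -1 on EOF/error/bad arguments, or -2 when
 * the token was longer than the buffer (buf then holds its prefix). */
long read_token(FILE *in, char *buf, size_t size) {
  char fmt[32];
  int c;
  if (in == NULL || buf == NULL || size < 2) {
    return -1;
  }
  /* "%Ns" stores up to N characters plus a null byte, so N is size - 1. */
  snprintf(fmt, sizeof fmt, "%%%zus", size - 1);
  if (fscanf(in, fmt, buf) != 1) {
    return -1;
  }
  /* A non-whitespace character still waiting means the token was cut. */
  c = getc(in);
  if (c != EOF) {
    ungetc(c, in);
    if (!isspace((unsigned char)c)) {
      return -2;
    }
  }
  return (long)strlen(buf);
}

/* Constructed test harness: feeds input through a temporary file into a
 * size-byte region followed by canary bytes. Returns read_token's result,
 * or -3 if anything past the region was overwritten. */
long run_case(const char *input, size_t size) {
  char area[64];
  long r;
  FILE *in = tmpfile();
  if (in == NULL || size >= sizeof area) {
    if (in != NULL) fclose(in);
    return -3;
  }
  memset(area, 0x7f, sizeof area);
  fputs(input, in);
  rewind(in);
  r = read_token(in, area, size);
  fclose(in);
  return (area[size] == 0x7f) ? r : -3;
}
```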
...
Vulnerabilities can occur when inadequate space is allocated to copy a command-line argument or other program input. In this noncompliant code example, an attacker can manipulate the contents of argv[0] to cause a buffer overflow:
...
The strcpy_s() function provides additional safeguards, including accepting the size of the destination buffer as an additional argument. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) Do not assume that argv[0] is non-null.
...