...
```c
char src1[100] = "hello";
char src2[8] = {'g','o','o','d','b','y','e','\0'};
char dst1[6], dst2[5];
int r1, r2;

r1 = strcpy_s(dst1, sizeof(dst1), src1);  /* fits: "hello" plus its terminator is 6 bytes */
r2 = strcpy_s(dst2, sizeof(dst2), src2);  /* does not fit: 8 bytes into a 5-byte buffer */
```
However, the call to copy `src2` to `dst2` fails because there is insufficient space available to copy the entire string, which consists of eight characters, to the destination buffer. As a result, `r2` is assigned a nonzero value and `dst2[0]` is set to the null character.
Users of the C11 Annex K functions are less likely to introduce a security flaw because the size of the destination buffer and the maximum number of characters to append must be specified. ISO/IEC TR 24731 Part II (24731-2, in progress) will offer another approach, supplying functions that allocate enough memory for their results. ISO/IEC TR 24731 functions also ensure null termination of the destination string.
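The failure behaviour described above can be exercised even where the C library does not ship Annex K, which is an optional part of C11. The following is an added example, not code from the original page: `copy_checked` is a hypothetical wrapper name, and its fallback branch models only null arguments, a zero-size destination and insufficient space.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* ask for Annex K; must precede the includes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* copy_checked is a hypothetical wrapper name, not part of Annex K.
 * Returns 0 on success. On failure returns nonzero and, when dst is usable,
 * leaves dst as an empty string, matching the behaviour described above. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
#ifdef __STDC_LIB_EXT1__
    /* Annex K is present: have violations reported through the return value
     * rather than through the implementation-defined default handler. */
    set_constraint_handler_s(ignore_handler_s);
    return strcpy_s(dst, dstsz, src);
#else
    /* Fallback for libraries without Annex K. It models only null arguments,
     * a zero-size destination and insufficient space. */
    size_t len = 0;
    if (dst == NULL || dstsz == 0)
        return 1;
    if (src == NULL) {
        dst[0] = '\0';
        return 1;
    }
    while (len < dstsz && src[len] != '\0')
        len++;                      /* never reads more than dstsz bytes */
    if (len == dstsz) {             /* no room left for the terminator */
        dst[0] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);      /* string plus its null terminator */
    return 0;
#endif
}

int main(void)
{
    char src1[100] = "hello";
    char src2[8] = {'g','o','o','d','b','y','e','\0'};
    char dst1[6], dst2[5];

    if (copy_checked(dst1, sizeof(dst1), src1) == 0)
        printf("dst1 = \"%s\"\n", dst1);
    if (copy_checked(dst2, sizeof(dst2), src2) != 0)
        printf("copy to dst2 rejected; dst2[0] = %d\n", dst2[0]);
    return 0;
}
```

Callers must test the return value before using the destination: after a failed copy it holds an empty string, not a truncated one.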
...
Tool | Version | Checker | Description |
---|---|---|---|
Related Vulnerabilities
...
Bibliography
[Seacord 2005a] Chapter 2, "Strings"
[Seacord 2005b]
...