...

These functions truncate strings that exceed the specified limits. Additionally, some functions, such as strncpy(), do not guarantee that the resulting string is null-terminated (see STR32-C. Null-terminate byte strings as required).

Unintentional truncation results in a loss of data and, in some cases, leads to software vulnerabilities.

...

The strcpy_s() function defined in [ISO/IEC TR 24731-1-2007] provides additional safeguards, including accepting the size of the destination buffer as an additional argument (see STR07-A. Use TR 24731 for remediation of existing string manipulation code). Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.
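The following added example (not code from the original page) contrasts strncpy(), which can leave the destination without a null terminator, with a copy that takes the destination size and reports truncation instead of performing it. It is written in portable C rather than calling strcpy_s(), which many C libraries do not provide; bounded_len(), copy_checked() and strncpy_terminated() are hypothetical names, and the input string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: length of s, scanning at most maxlen bytes.
 * Returns maxlen when no null character is found in that range. */
size_t bounded_len(const char *s, size_t maxlen) {
    size_t n = 0;
    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical helper: copy src into dst only if it fits, terminator
 * included. Returns 0 on success, -1 if the copy would truncate.
 * On failure dst holds an empty string, never a partial copy. */
int copy_checked(char *dst, size_t dstsize, const char *src) {
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t n = bounded_len(src, dstsize);
    if (n == dstsize)          /* src needs more than dstsize bytes */
        return -1;
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsize, includes '\0' */
    return 0;
}

/* Runs strncpy() and reports whether dst ended up null-terminated
 * (1) or not (0), by searching only within the buffer. */
int strncpy_terminated(char *dst, size_t dstsize, const char *src) {
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

int main(void) {
    char buf[8];
    const char *input = "exactly8";   /* constructed sample: 8 chars */

    printf("strncpy terminated: %d\n",
           strncpy_terminated(buf, sizeof buf, input));
    printf("copy_checked:       %d\n",
           copy_checked(buf, sizeof buf, input));
    return 0;
}
```

The caller decides what a -1 from copy_checked() means (reject the input, allocate a larger buffer), so truncation is never silent.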

...