...
ISO/IEC TR 24731-1 functions are still capable of overflowing a buffer if the maximum length of the destination buffer or the number of characters to copy is specified incorrectly. ISO/IEC TR 24731-2 functions may make it harder to keep track of memory that must be freed, leading to memory leaks. As a result, the ISO/IEC TR 24731 functions are not especially secure in themselves, but they can be useful in preventive maintenance to reduce the likelihood of vulnerabilities in an existing legacy code base.
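To make the first caveat concrete, here is an added illustration (not code from this page or from the standard): a copy routine with the same style of runtime constraints that TR 24731-1 specifies for strcpy_s, written from scratch with constructed names (bounded_copy, RSIZE_MAX_DEMO, copy_to_small_buffer). It rejects null pointers and oversized sources, but it can only trust the destination size the caller passes, which is exactly where the overflow the paragraph warns about survives.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest object size a bounds-checked call will accept. TR 24731-1 calls
 * this RSIZE_MAX; the value here is a constructed illustration. */
#define RSIZE_MAX_DEMO (SIZE_MAX >> 1)

/* Copy src into dest, which the caller declares to hold destsz bytes.
 * Illustrative reimplementation of the strcpy_s contract, not the library
 * function. Returns 0 on success, EINVAL for a null pointer or a bad size,
 * ERANGE if src (plus its terminator) does not fit. On a violation the
 * destination is emptied rather than left partially written. */
int bounded_copy(char *dest, size_t destsz, const char *src) {
  if (dest == NULL || destsz == 0 || destsz > RSIZE_MAX_DEMO) {
    return EINVAL;            /* cannot safely write even dest[0] */
  }
  if (src == NULL) {
    dest[0] = '\0';
    return EINVAL;
  }
  /* Scan src no further than destsz bytes, so an unterminated source is
   * never read past the space it could possibly occupy in dest. */
  size_t n = 0;
  while (n < destsz && src[n] != '\0') {
    n++;
  }
  if (n >= destsz) {          /* no room left for the terminator */
    dest[0] = '\0';
    return ERANGE;
  }
  memcpy(dest, src, n + 1);
  return 0;
}

/* Correct use: the size argument is the true size of the destination.
 * For a local array that is sizeof buf. Passing sizeof of a pointer to the
 * buffer, or a stale constant from an older declaration, would make the
 * check above pass while the copy runs off the end of the real object. */
int copy_to_small_buffer(const char *msg) {
  char buf[16];
  return bounded_copy(buf, sizeof buf, msg);
}
```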
...
Noncompliant Code Example
The following noncompliant code overflows its buffer if msg is too long, and has undefined behavior if msg is a null pointer.
...