...
There are a number of existing libraries available for managing string data; the library selected depends on the approach adopted for managing null-terminated byte strings. The functions defined by C99 Section 7.21, "String handling <string.h>" \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] are primarily intended for managing statically allocated strings. However, many of these functions are problematic because they are insufficiently bounded: they take no argument describing the size of the destination array and so cannot detect that a copy or concatenation would overrun it. Consequently, this standard recommends the ISO/IEC TR 24731-1 \[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\] functions for use with statically allocated arrays (see [STR07-A. Use TR 24731 for remediation of existing string manipulation code]). These functions provide bounds-checking interfaces that protect against buffer overflows and other runtime constraint violations.
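The following is an added example, not code from the CERT page or from TR 24731-1 itself. It contrasts the unbounded strcpy() call from <string.h> with a copy that follows the runtime-constraint model of the TR 24731-1 strcpy_s() function: the caller passes the destination size, and a source that will not fit (including its terminating null) is rejected instead of written. The function bounded_strcpy is a hypothetical stand-in written here so the example builds on toolchains that do not ship the TR 24731-1 interfaces (glibc, for instance); the inputs in main are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in (not the TR 24731-1 function) that mirrors the
 * runtime-constraint behaviour of strcpy_s(dest, destsz, src):
 *   - dest NULL or destsz == 0        -> violation, nothing written, return 1
 *   - src NULL                        -> violation, dest set to "", return 1
 *   - strlen(src) >= destsz (no room for the null) -> violation, dest set
 *     to "", return 2
 *   - otherwise copy including the null and return 0.
 * A nonzero return always leaves dest as a valid (empty) string, so later
 * code cannot read past an unterminated buffer. */
int bounded_strcpy(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || destsz == 0) {
        return 1;
    }
    if (src == NULL) {
        dest[0] = '\0';
        return 1;
    }
    size_t len = strlen(src);
    if (len >= destsz) {
        dest[0] = '\0';
        return 2;
    }
    memcpy(dest, src, len + 1); /* len + 1 copies the terminating null too */
    return 0;
}

/* Copies src into an 8-byte local buffer using the bounded interface.
 * Returns 0 when the copy succeeded and the buffer holds src intact,
 * the bounded_strcpy error code when the copy was rejected. */
int try_store(const char *src)
{
    char buf[8];
    int err = bounded_strcpy(buf, sizeof buf, src);
    if (err != 0) {
        return err; /* buf is "" here; safe to print or pass on */
    }
    return strcmp(buf, src) == 0 ? 0 : -1;
}

/* Checks that a rejected copy leaves the destination as an empty string
 * rather than partially filled or unterminated. Returns 1 on success. */
int rejected_copy_leaves_empty_string(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf); /* poison so a silent partial write shows */
    int err = bounded_strcpy(buf, sizeof buf, "definitely longer than eight");
    return err != 0 && buf[0] == '\0';
}

int main(void)
{
    /* Constructed sample inputs: one fits the 8-byte buffer, one does not. */
    const char *fits = "hello";
    const char *too_long = "this does not fit in eight bytes";

    /* The unbounded call the text warns about would be:
     *     char buf[8]; strcpy(buf, too_long);
     * strcpy() has no way to know sizeof buf and writes past its end.
     * It is shown in a comment only, because executing it is undefined
     * behaviour (a stack buffer overflow). */

    printf("fits     -> %d\n", try_store(fits));      /* 0 */
    printf("too long -> %d\n", try_store(too_long));  /* 2 */
    printf("rejected copy left \"\": %d\n", rejected_copy_leaves_empty_string());
    return 0;
}
```

On an implementation that provides the TR 24731-1 interfaces, the equivalent call is strcpy_s(buf, sizeof buf, src) after defining __STDC_WANT_LIB_EXT1__ as 1 before including <string.h>; the real strcpy_s additionally rejects overlapping objects and invokes the installed constraint handler, which this stand-in does not model.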
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR01-A | low | unlikely | high | P1 | L3 |
Related Vulnerabilities
...
\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9945:2003|AA. C References#ISO/IEC 9945-2003]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <string.h>"
\[[ISO/IEC 23360-1:2006|AA. C References#ISO/IEC 23360-1-2006]\]
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[ISO/IEC PDTR 24731-2|AA. C References#ISO/IEC PDTR 24731-2-2007]\]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 20.4
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"
...