There are two basic approaches for managing null-terminated byte strings in C programs: the first is to maintain strings in statically allocated arrays; the second is to dynamically allocate memory as required. Each approach has advantages and disadvantages. However, it generally makes sense to select a single approach to managing strings and apply it consistently across a project. Otherwise, the decision is left to individual programmers who are likely to make different, inconsistent choices.
...
| Wiki Markup |
|---|
There are a number of existing libraries available for managing string data; the library selected depends on the approach adopted for managing null-terminated byte strings. The functions defined by C99, Section 7.21, "String handling <{{string.h}}>" \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] are primarily intended for managing statically allocated strings. However, these functions are problematic because many of them are insufficiently bounded. Consequently, this standard recommends use of the ISO/IEC TR 24731-1 \[[ISO/IEC TR 24731-1:2007|AA. Bibliography#ISO/IEC TR 24731-1-2007]\] functions for use with statically allocated arrays. (See recommendation [STR07-C. Use TR 24731 for remediation of existing string manipulation code].) These functions provide bounds-checking interfaces to protect against buffer overflows and other runtime constraint violations. |
| Wiki Markup |
|---|
ISO/IEC PDTRTR 24731-2 (in progress) offers another approach, supplying functions that allocate enough memory for their results \[[ISO/IEC PDTRTR 24731-2|AA. Bibliography#ISO/IEC ISO/IEC PDTRTR 24731-2]\]. ISO/IEC PDTRTR 24731-2 provides an API that dynamically allocates the results of string functions, as needed. Almost all of the APIs in this TR are also in a current International Standard. For example, PDTRTR 24731-2 includes POSIX functions, such as {{strdup()}} \[[ISO/IEC 9945:2003|AA. Bibliography#ISO/IEC 9945-2003]\], as well as functions from the Linux Standard Base Core Specification such as {{asprintf()}} \[[ISO/IEC 23360-1:2006|AA. Bibliography#ISO/IEC 23360-1-2006]\]. |
| Wiki Markup |
Another library that uses dynamic allocation is the CERT managed string library. The managed string library described in \[[Burch 2006|AA. Bibliography#Burch06]\] was developed in response to the need for a string library that could improve the quality and security of newly developed C language code while eliminating obstacles to widespread adoption and possible standardization. The managed string library eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null character). The primary advantage of the CERT managed string library is that the source code is freely available so that the library can be adopted and customized as required by an organization. |
Risk Assessment
Failing to adopt a consistent plan for managing strings within an application can lead to inconsistent decisions, which may make it difficult to ensure system properties, such as adhering to safety requirements.
...
MISRA Rule 20.4
Bibliography
| Wiki Markup |
|---|
\[[Burch 2006|AA. Bibliography#Burch06]\]
\[[CERT 2006c|AA. Bibliography#CERT 06c]\]
\[[Seacord 2005a|AA. Bibliography#Seacord 05a]\] Chapter 2, "Strings" |
...