...
The strcpy_s() function defined in ISO/IEC TR 24731-1:2007 provides additional safeguards, including accepting the size of the destination buffer as an additional argument (see STR07-C. Use TR 24731 for remediation of existing string manipulation code). Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.
...
Compass/ROSE could detect violations in the following manner: all calls to strncpy() and the other functions should be followed by an assignment of a terminating character to null-terminate the string.
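As an added example (not code from this CERT page, from Compass/ROSE, or from any checker), the pattern the detection note above looks for, strncpy() followed by an explicit terminator assignment, alongside a bounded-length helper in the spirit of the strnlen_s() mentioned earlier; the function names and the 8-byte sample inputs are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Copy src into dst (capacity dst_size) and guarantee null termination.
 * strncpy() alone does not terminate when strlen(src) >= dst_size, so the
 * terminator is written explicitly; this trailing assignment is the pattern
 * the detection note above looks for. Returns 1 on a complete copy, 0 if
 * the source was truncated or the arguments are unusable. */
int copy_terminated(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0 || src == NULL) {
        return 0;
    }
    strncpy(dst, src, dst_size - 1);   /* leaves room for the terminator */
    dst[dst_size - 1] = '\0';          /* explicit null termination */
    return strlen(src) < dst_size;     /* 1 only when nothing was lost */
}

/* Bounded length in the spirit of strnlen_s(): never reads past maxlen
 * bytes, so a buffer that lacks a terminator cannot cause an over-read. */
size_t bounded_len(const char *s, size_t maxlen) {
    size_t n = 0;
    while (n < maxlen && s[n] != '\0') {
        n++;
    }
    return n;
}

/* Demonstrates the failure mode: strncpy() into an exactly-sized buffer
 * with a source of the same length leaves no terminator. Returns 1 if the
 * buffer ends up unterminated (the defect this rule warns about). */
int strncpy_leaves_unterminated(void) {
    char buf[8];
    const char *src = "ABCDEFGH";      /* constructed: 8 chars == sizeof buf */
    strncpy(buf, src, sizeof buf);     /* copies 8 bytes, no '\0' written */
    return bounded_len(buf, sizeof buf) == sizeof buf;
}
```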
Klocwork Version 8.0.4.16 can detect violations of this rule with the NNTS checker. See the Klocwork Cross Reference.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...