...
The strcpy_s() function defined in Extensions to the C Library—Part I [ISO/IEC TR 24731-1:2007], which provides additional safeguards, including accepting the size of the destination buffer as an additional argument. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) Also, strnlen_s() accepts a maximum-length argument for strings that may not be null-terminated.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Include Page | LDRA_V | LDRA_V | 115 S | Fully implemented. | |||||
Fortify SCA | V. 5.0 |
| Can detect violations of this rule with CERT C Rule Pack. | ||||||
Compass/ROSE |
|
| Could detect violations in the following manner: all calls to | ||||||
Fortify SCA | 5.0 |
| Can detect violations of this rule with CERT C Rule Pack. | ||||||
| NNTS |
| |||||||
| 115 S | Fully implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
| String termination |
...
...
...
| Improper null termination |
...
...
...
| Addition of data structure sentinel |
...
Bibliography
| [Seacord 2005a] | Chapter 2, "Strings" |
...