...
Vulnerabilities that result from copying data to an undersized buffer often involve null-terminated character arrays (NTCA). Consult STR31-CPP. Guarantee that storage for character arrays has sufficient space for character data and the null terminator for specific examples of this rule that involve NTCA.
Most such copies are made with the memcpy() function. However the memmove() function and the memset() function can also have the same vulnerabilities because they overwrite a block of memory without checking that the block is valid.
Noncompliant Code Example (Array)
...