...

```cpp
#include <iostream>

void f() {
  char buf[12];
  // Noncompliant: no field width is set, so nothing limits the extraction
  // to the 12 bytes of buf.
  std::cin >> buf;
}
```

Noncompliant Code Example

...

```cpp
#include <iostream>

void f() {
  char buf_one[12];
  char buf_two[12];
  std::cin.width(12);
  std::cin >> buf_one;  // bounded, but operator>> resets the width to 0
  std::cin >> buf_two;  // noncompliant: this read is no longer bounded
}
```

Noncompliant Code Example

...

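```cpp
#include <iostream>

void f() {
  char buf_one[12];
  char buf_two[12];
  std::cin.width(12);
  std::cin >> buf_one;
  std::cin.width(12);
  std::cin >> buf_two;
  // Both reads are bounded, but a token longer than 11 characters is
  // truncated and its remainder is left in the stream for the next read.
}
```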

Compliant Solution

The best way to ensure that data is not truncated and that buffer overflows are prevented is to use std::string instead of a bounded array, as in this compliant solution:

...
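The following is an added example, not part of the original rule text. It runs the width-limited read and the std::string read over a constructed input, using std::istringstream in place of std::cin. The names bounded_read, string_read and kBufSize are hypothetical. It shows that the field width is back to 0 after each extraction and that the remainder of a truncated token ends up in the next buffer.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <utility>

constexpr std::size_t kBufSize = 12;  // same bound as buf_one/buf_two above

// Bounded read: width() is set immediately before the extraction.
// Returns the stored token and the stream's field width after the read.
std::pair<std::string, std::streamsize> bounded_read(std::istream &in) {
  char buf[kBufSize];
  in.width(static_cast<std::streamsize>(kBufSize));
  in >> buf;  // stores at most kBufSize - 1 characters plus the terminator
  return std::make_pair(std::string(buf), in.width());
}

// std::string read: the destination grows to hold the whole token.
std::string string_read(std::istream &in) {
  std::string s;
  in >> s;
  return s;
}

int main() {
  // Constructed sample input: a 20-character token, then a short one.
  const std::string sample = "ABCDEFGHIJKLMNOPQRST second";

  std::istringstream a(sample);
  const auto first = bounded_read(a);
  const auto next = bounded_read(a);
  std::cout << "char[12]:    [" << first.first << "] [" << next.first
            << "], width after read = " << first.second << '\n';

  std::istringstream b(sample);
  const std::string s1 = string_read(b);
  const std::string s2 = string_read(b);
  std::cout << "std::string: [" << s1 << "] [" << s2 << "]\n";
  return 0;
}
```

With the bounded reads, the second buffer receives the tail of the first token rather than the second token, which is the information-loss case the std::string version avoids.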

[ISO/IEC 14882-2014] 27.7.2.2.3, "basic_istream::operator>>"

[Seacord 2013b] Chapter 2, "Strings"

 
