...
The following noncompliant code example calls std::ios_base::width() prior to each call to operator>>(). However, it still does not account for the input being truncated. Only the first 11 characters are read from the standard input stream, and a null terminator is then appended. The input could therefore be truncated, leading to information loss or a possible vulnerability.
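```cpp
#include <iostream>

void f() {
  char buf_one[12];
  char buf_two[12];
  // width(12) limits each extraction to 11 characters plus the null terminator
  std::cin.width(12);
  std::cin >> buf_one;
  // width resets to 0 after every extraction, so it is set again here
  std::cin.width(12);
  std::cin >> buf_two;
}
```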
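The truncation described above, run on constructed input from a string stream instead of std::cin. This is an added example, not code from the original page; the function names read_fixed, read_field_checked and read_strings are hypothetical, and the buffers are zero-initialized here so that an empty stream is handled safely.

```cpp
#include <cctype>
#include <istream>
#include <sstream>
#include <string>
#include <utility>

// Width-limited reads as in the noncompliant example: at most 11 characters
// per field, so the rest of an over-long token stays in the stream and is
// picked up by the next extraction.
std::pair<std::string, std::string> read_fixed(std::istream &in) {
  char buf_one[12] = {};
  char buf_two[12] = {};
  in.width(12);
  in >> buf_one;
  in.width(12);
  in >> buf_two;
  return {buf_one, buf_two};
}

// Same width-limited read, but it reports truncation: a complete token is
// followed by whitespace or end of input, a truncated one is not.
bool read_field_checked(std::istream &in, char (&buf)[12]) {
  in.width(12);
  if (!(in >> buf)) return false;   // nothing could be extracted
  if (in.eof()) return true;        // token ended at end of input
  const int next = in.peek();
  return next == std::istream::traits_type::eof() ||
         std::isspace(static_cast<unsigned char>(next)) != 0;
}

// std::string grows to fit the token, so no width bookkeeping is needed
// and nothing is cut off.
std::pair<std::string, std::string> read_strings(std::istream &in) {
  std::string one, two;
  in >> one >> two;
  return {one, two};
}

int main() {
  std::istringstream in("AAAAAAAAAAAAAAAA BBBB");  // constructed sample input
  const auto fields = read_fixed(in);
  // fields.second holds the tail of the first token, not "BBBB"
  return fields.second == "BBBB" ? 1 : 0;
}
```

With a 16-character first token, the second buffer receives the five characters left over from the first token, so every later field is shifted as well as the first one being cut.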
...