...
In this noncompliant example, the unformatted input function std::basic_istream<T>::read()
is used to read an unformatted character array of 32 characters from the given file. However, read()
does not guarantee that the array will be null terminated: it stores at most 32 characters and never appends
a terminator, so the subsequent call to the std::string constructor (which expects a null-terminated string)
results in undefined behavior if the character array does not contain a null terminator.
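As an added example (not the page's own code, which this excerpt does not reproduce), the pattern just described beside a fixed form that passes the length reported by gcount() to the std::string constructor; a constructed std::istringstream stands in for the file:

```cpp
#include <cstddef>
#include <istream>
#include <sstream>
#include <string>

// Noncompliant, as the page describes: read() fills up to sizeof(buf)
// characters and never writes a null terminator, so std::string(const char*)
// scans past the end of the array. Shown for contrast only; never called here.
std::string read_noncompliant(std::istream &is) {
  char buf[32];
  is.read(buf, sizeof(buf));
  return std::string(buf); // undefined behavior: no terminator guaranteed
}

// Compliant: give the constructor an explicit length. gcount() reports how
// many characters the last unformatted read actually stored, so this is
// correct both when the stream holds 32 or more characters and when it ends
// early (the read then fails and gcount() is smaller than 32).
std::string read_compliant(std::istream &is) {
  char buf[32];
  is.read(buf, sizeof(buf));
  return std::string(buf, static_cast<std::size_t>(is.gcount()));
}

// Convenience wrapper that feeds constructed in-memory contents to read_compliant().
std::string read_from(const std::string &contents) {
  std::istringstream in(contents);
  return read_compliant(in);
}
```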
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines

| Standard | Rule |
|---|---|
| CERT C Secure Coding Standard | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
...