Versions Compared

Comment: added exception to save IDS17-J

...

FIO11-EX0: Untrusted binary data that is expected to be a valid string may be read and converted to a string. Doing so safely is explained in IDS17-J. Use compatible encodings on both sides of file or network IO. Also see guideline FIO02IDS13-J. Keep track of bytes read and account for character encoding while reading dataDo not assume every character in a string is the same size.

Risk Assessment

Attempting to read a byte array containing raw character data as if it were character data may produce erroneous results.
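
Review bot: In the FIO11-EX0 text the two cross-references are run into the sentence, so "Use compatible encodings on both sides of file or network IO" reads as a standalone instruction rather than as the title of IDS17-J, and the "Also see guideline" reference shows two IDs (FIO02 and IDS13-J) and two titles back to back. Set each reference off as ID plus title, and confirm that the ID and the title kept after this edit belong to the same guideline. The exception would also be easier to apply if it stated its condition directly, for instance that the encoding of the incoming bytes is known and is named explicitly at the point of conversion, instead of leaving that entirely to IDS17-J.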

...