Page History

...

Null-terminated byte strings are implemented as arrays of characters and are susceptible to the same problems as arrays. As a result, rules and recommendations for arrays should also be applied to null-terminated byte strings.

...

Understanding how to represent characters and character strings can eliminate many common programming errors that lead to software vulnerabilities.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
STR00-C

medium

Medium

probable

Probable

low

Low

P12

L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1.

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

MISC.NEGCHAR

Negative Character Value

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

329 S, 432 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-STR00-a

The plain char type shall be used only for the storage and use of character values

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1.

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

S810

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

Secure

Coding Standard

VOID STR00-CPP. Represent characters using an appropriate type

Bibliography

[ISO/IEC 9899:2011]	Subclause 6.2.6, "Representations of Types"
[Seacord 2013]	Chapter 2, "Strings"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 34

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography