...
Null-terminated byte strings are implemented as arrays of characters and are susceptible to the same problems as arrays. As a result, rules and recommendations for arrays should also be applied to null-terminated byte strings.
...
Understanding how to represent characters and character strings can eliminate many common programming errors that lead to software vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR00-C | Medium | Probable | Low | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1. | |||||||
CodeSonar |
| MISC.NEGCHAR | Negative Character Value | ||||||
LDRA tool suite |
| 329 S, 432 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-STR00-a | The plain char type shall be used only for the storage and use of character values | ||||||
RuleChecker |
| Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1. | |||||||
SonarQube C/C++ Plugin |
| S810 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 9899:2011] | Subclause 6.2.6, "Representations of Types" |
[Seacord 2013] | Chapter 2, "Strings" |
...
...