...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <string.h>
void func(void) {
char s[10] = "abc";
strcpy(&s[3], "def");
} |
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR11-C | Low | Probable | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||
|---|---|---|---|---|---|---|---|
| Astrée |
|
| Supported: Astrée can detect subsequent code defects that this rule aims to prevent. | |||||||||
| Axivion Bauhaus Suite |
| CertC-STR11 | |||||||
| Compass/ROSE |
| CC2.STR36 | Fully implemented | |||||||
| Helix QAC |
| C1312 | |||||||
| LDRA tool suite |
| 404 S | Partially implemented | ||||||
| Parasoft C/C++test |
|
|
|
String does not terminate with null character
CERT_C-STR11-a | Do not specify the bound of a character array initialized with a string literal | ||||||||
| PC-lint Plus |
| 784 | Partially supported | ||||||
| Polyspace Bug Finder |
| Checks for missing null in string array (rec. partially covered) |
| Splint |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ECTC 1998] | Section A.8, "Character Array Initialization" |
| [ISO/IEC 9899:2011] | Subclause 6.7.9, "Initialization" |
| [Seacord 2013] | Chapter 2, "Strings" |
...
...