Non-compliant Code Example 1

These two lines of code assume that gets() will not read more than BUFSIZ characters from stdin.  This is an invalid assumption and the resulting operation can result in a buffer overflow.

char buf[BUFSIZ + 1];
gets(buf);

Non-compliant Code Example 2

The standard functions strncpy() and strncat() do not guarantee that the resulting string is null-terminated.  If there is no null character in the first n characters of the source array, the result is not null-terminated, as in the following example:

char a[16];
strncpy(a, "0123456789abcdef", sizeof(a));

Compliant Solution 1

The correct solution depends on the original intent.  If your intent was to truncate a string but ensure that the result was a null-terminated string, the following solution can be used.

char a[16];
strncpy(a, "0123456789abcdef", sizeof(a)-1);
a[sizeof(a)-1] = '\0';  /* last valid index is sizeof(a)-1, not sizeof(a) */
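
The following is an added example, not code from the original page. It generalizes Compliant Solution 1 into a reusable truncating copy and pairs it with a bounded replacement for the gets() call in Non-compliant Code Example 1. The helper names copy_trunc and read_line are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dstsz), always
 * null-terminating. Returns 1 if truncated, 0 if it fit, -1 on bad args. */
int copy_trunc(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    size_t len = strlen(src);
    size_t n = (len < dstsz - 1) ? len : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';               /* n <= dstsz - 1, so this is in bounds */
    return len > n;
}

/* Hypothetical bounded replacement for gets(): reads one line into buf
 * (capacity bufsz), strips the newline and discards the rest of an
 * over-long line. Returns 0 on a complete line, 1 if it was truncated,
 * -1 on EOF, read error or bad arguments. */
int read_line(FILE *in, char *buf, size_t bufsz)
{
    if (in == NULL || buf == NULL || bufsz < 2 || bufsz > INT_MAX)
        return -1;
    if (fgets(buf, (int)bufsz, in) == NULL)   /* writes at most bufsz bytes */
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* No newline stored: input ended, or the line did not fit. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;           /* at least one character was dropped */
    return truncated;
}

int main(void)
{
    char a[16];
    int t = copy_trunc(a, sizeof(a), "0123456789abcdef");
    printf("%s (truncated=%d)\n", a, t);

    char line[BUFSIZ + 1];
    if (read_line(stdin, line, sizeof(line)) >= 0)
        printf("read: %s\n", line);
    return 0;
}
```

Callers should treat a return value of 1 as a signal that data was lost and decide whether to reject the input rather than continue with the truncated string.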

Compliant Solution 2

Example using strcpy()

Compliant Solution 3

Example using strncpy_s()

Exception

An exception to this rule applies if the intent of the programmer was to convert a null-terminated byte string to a character array.  To be compliant with this standard, this intent must be clearly stated in comments.

References
