LIB-strncpy-overrun-pos

In this section:

Synopsis

A call to strncpy might cause a destination buffer overrun.

Enabled by default

Severity/Certainty

Medium/Medium

Full description

A call to strncpy might cause a destination buffer overrun. This check is identical to CERT-STR31-C_h.

Coding standards

CERT STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE 121: Stack-based Buffer Overflow
CWE 122: Heap-based Buffer Overflow
CWE 124: Buffer Underwrite ('Buffer Underflow')
CWE 126: Buffer Over-read
CWE 127: Buffer Under-read
CWE 805: Buffer Access with Incorrect Length Value

Code examples

The following code example fails the check and will give a warning:

#include <string.h>
#include <stdlib.h>

void example(void)
{
  char *str1 = "Hello World!\n";
  char *str2 = (char *)malloc(13);
  strncpy(str2,str1,14);
}

The following code example passes the check and will not give a warning about this issue:

#include <string.h>
#include <stdlib.h>

void example(void)
{
  char *str1 = "Hello World!\n";
  char *str2 = (char *)malloc(14);
  strncpy(str2, str1, 14);
}

IAR Embedded Workbench for RISC-V 3.40