CERT-STR32-C
Synopsis
Do not pass a non-null-terminated character sequence to a library function that expects a string.
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
Many library functions accept a string or wide string argument with the constraint that the string they receive is properly null-terminated. Passing a character sequence or wide character sequence that is not null-terminated to such a function can result in accessing memory that is outside the bounds of the object. Do not pass a character sequence or wide character sequence that is not null-terminated to a library function that expects a string or wide string argument.
Coding standards
- CERT STR32-C
Null-terminate byte strings as required
Code examples
The following code example fails the check and will give a warning:
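#include <stdio.h>
void func(void) {
    /* Three characters fill the array exactly, so no '\0' is stored. */
    char c_str[3] = "abc";
    /* %s reads past the end of c_str while looking for a terminator. */
    printf("%s\n", c_str);
}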
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>
void func(void) {
    /* With no explicit size the array has 4 elements, including '\0'. */
    char c_str[] = "abc";
    printf("%s\n", c_str);
}
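The following added example is not part of the checker's documentation. It extends the two declarations above to a second common source of unterminated buffers, strncpy() truncation, and shows a bounded print and a copy that always terminates. The helper names is_terminated and copy_str and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if buf[0..size) holds a '\0', so a string function stays in bounds. */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* The failing declaration from the page: 3 bytes, no room for '\0'. */
int failing_decl_terminated(void) {
    char c_str[3] = "abc";
    return is_terminated(c_str, sizeof c_str);
}

/* The passing declaration: the compiler sizes the array to 4. */
int passing_decl_terminated(void) {
    char c_str[] = "abc";
    return is_terminated(c_str, sizeof c_str);
}

/* strncpy() writes no '\0' when strlen(src) >= size (constructed case). */
int strncpy_terminated(const char *src) {
    char dst[4];
    strncpy(dst, src, sizeof dst);
    return is_terminated(dst, sizeof dst);
}

/* Hardened copy (hypothetical helper): always terminates dst;
   returns -1 if src had to be truncated, 0 otherwise. */
int copy_str(char *dst, size_t size, const char *src) {
    size_t n = strlen(src);
    if (size == 0) return -1;
    int truncated = n >= size;
    if (truncated) n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated ? -1 : 0;
}

int main(void) {
    char fixed[3] = "abc";
    char dst[4];
    /* A precision bounds the read, so %.*s is safe on an unterminated array. */
    printf("%.*s\n", (int)sizeof fixed, fixed);
    printf("failing=%d passing=%d strncpy=%d\n", failing_decl_terminated(),
           passing_decl_terminated(), strncpy_terminated("abcdef"));
    printf("copy_str rc=%d -> \"%s\"\n", copy_str(dst, sizeof dst, "abcdef"), dst);
    return 0;
}
```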