Page History

...

Truncating strings can lead to a loss of data.

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
STR03-C	Medium	Probable	No

Medium

No

P8

P4

L2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

MISC.MEM.NTERM

No Space For Null Terminator

Compass/ROSE

Could detect violations in the following manner: all calls to strncpy() and the other functions should be followed by an assignment of a terminating character to null-terminate the string

GCC 8.1 -Wstringop-truncation Detects string truncation by strncat and strncpy.

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

NNTS.MIGHT
NNTS.MUST

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

115 S, 44 S

Partially implemented

Parasoft C/C++test

9.5BD-PB-OVERNZT

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-STR03-a

Avoid overflow due to reading a not zero terminated string

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder

R2016aBuffer overflow from incorrect string format specifierString format specifier causes buffer argument of standard library functions to overflow

_V
	Polyspace Bug Finder_V

CERT C: Rec. STR03-C

Checks for invalid use of standard library string routine (rec. partially supported)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	VOID STR03-CPP. Do not inadvertently truncate a null-terminated character array
ISO/IEC TR 24772:2013	String Termination [CJM]
MITRE CWE	CWE-170, Improper null termination CWE-464, Addition of data structure sentinel

Bibliography

[Seacord 2013]

Chapter 2, "Strings"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 104

New Version 114

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography