Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Old Version 158

changes.mady.by.user David Svoboda

Saved on Mar 05, 2009

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on Aug 06, 2025

Key

This line was added.
This line was removed.
Formatting was changed.

Content by Label

showLabels	false
maxResults	99
label	+str,+rule,-void
showSpace	false
sort	title
space	@self
cql	label = "rule" and label = "str" and label != "void" and space = currentSpace()

Info
Information for Editors In order to have a new guideline automatically listed above be sure to label it str and rule.

Risk Assessment Summary

Rule	Severity	Likelihood	Detectable	Repairable	Priority	Level
STR30-C	Low	Likely	No	Yes	P6	L2
STR31-C	High	Likely	No	No	P9	L2
STR32-C	High	Probable	No	Yes	P12	L1
STR34-C	Medium	Probable	Yes	No	P8	L2
STR37-C	Low	Unlikely	Yes	Yes	P3	L3
STR38-C	High	Likely	Yes	No	P18	L1

Recommendations

STR00-C. Represent characters using an appropriate type

STR01-C. Adopt and implement a consistent plan for managing strings

STR02-C. Sanitize data passed to complex subsystems

STR03-C. Do not inadvertently truncate a null-terminated byte string

STR04-C. Use plain char for characters in the basic character set

STR05-C. Use pointers to const when referring to string literals

STR06-C. Do not assume that strtok() leaves the parse string unchanged

STR07-C. Use TR 24731 for remediation of existing string manipulation code

STR08-C. Use managed strings for development of new string manipulation code

MSC33-C. Do not pass invalid data to asctime()e() functi

Rules

STR30-C. Do not attempt to modify string literals

STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator

STR32-C. Null-terminate byte strings as required

STR33-C. Size wide character strings correctly

STR34-C. Cast characters to unsigned types before converting to larger integer sizes

STR35-C. Do not copy data from an unbounded source to a fixed-length array

STR36-C. Do not specify the bound of a character array initialized with a string literal

STR37-C. Arguments to character handling functions must be representable as an unsigned char

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
STR00-C	medium	probable	low	P12	L1
STR01-C	low	unlikely	high	P1	L3
STR02-C	high	likely	medium	P18	L1
STR03-C	medium	probable	medium	P8	L2
STR04-C	low	unlikely	low	P3	L3
STR05-C	low	unlikely	low	P3	L3
STR06-C	medium	likely	medium	P12	L1
STR07-C	high	probable	medium	P12	L1
STR08-C	high	probable	high	P6	L2

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
STR30-C	low	likely	low	P9	L2
STR31-C	high	likely	medium	P18	L1
STR32-C	high	probable	medium	P12	L1
STR33-C	high	likely	medium	P18	L1
STR34-C	medium	probable	medium	P8	L2
STR35-C	high	likely	medium	P18	L1
STR36-C	high	probable	low	P18	L1
STR37-C	low	unlikely	low	P3	L3

Related Rules and Recommendations

Navigation Map

	char-strings
	char-strings
cellWidth	700
wrapAfter	1
cellHeight	15

...

ARR38-C. Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element CERT C Secure Coding Standard Image Added Image Added Image Modified