| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
Information for Editors |
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| STR30-C | Low | Likely | No | Yes | P6 | L2 |
| STR31-C | High | Likely | No | No | P9 | L2 |
| STR32-C | High | Probable | No | Yes | P12 | L1 |
| STR34-C | Medium | Probable | Yes | No | P8 | L2 |
| STR37-C | Low | Unlikely | Yes | Yes | P3 | L3 |
| STR38-C | High | Likely | Yes | No | P18 | L1 |
Related Rules and Recommendations
| Navigation Map | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
Strings are a fundamental concept in software engineering, but they are not a built-in type in C. A string is a contiguous sequence of characters terminated by and including the first null. character. The C programming language supports the following types of strings: single byte character strings, multibyte character strings, and wide character strings. Single byte and multibyte character strings are both described as null-terminated byte strings.
Null-terminated byte strings consist of a contiguous sequence of characters terminated by and including the first null character. A pointer to a null-terminated byte string points to its initial character. The length of a string is the number of bytes preceding the null character, and the value of a string is the sequence of the values of the contained characters, in order.
A wide string is a contiguous sequence of wide characters terminated by and including the first null wide character. A pointer to a wide string points to its initial (lowest addressed) wide character. The length of a wide string is the number of wide characters preceding the null wide character and the value of a wide string is the sequence of code values of the contained wide characters, in order.
Do not assume bounded input
Allocated adequate space when copying bounded strings
Guarantee that all strings are null-terminated
[]