Strings are a fundamental concept in software engineering, but they are not a built-in type in C. Null-terminated byte strings consist of a contiguous sequence of characters terminated by and including the first null character. The C programming language supports the following types of null-terminated byte strings: single byte character strings, multibyte character strings, and wide character strings. Single byte and multibyte character strings are both described as null-terminated byte strings.
A pointer to a single byte or multibyte characters strings points to its initial character. The length of the string is the number of bytes preceding the null character, and the value of a string is the sequence of the values of the contained characters, in order.
A wide string is a contiguous sequence of wide characters terminated by and including the first null wide character. A pointer to a wide string points to its initial (lowest addressed) wide character. The length of a wide string is the number of wide characters preceding the null wide character and the value of a wide string is the sequence of code values of the contained wide characters, in order.
Null-terminated byte strings are implemented as arrays of characters and are susceptible to the same problems as arrays. As a result, rules and recommendations for arrays should also be applied to null-terminated byte strings.
Recommendations
STR00-A. Use TR 24731 for remediation of existing string manipulation code
STR01-A. Use managed strings for development of new string manipulation code
STR02-A. Sanatize data passed to complex subsystems
Rules
STR30-C. Do not attempt to modify string literals
STR31-C. Do not copy data from an unbounded source to a fixed-length array
STR32-C. Allocated adequate space when copying bounded strings
STR33-C. Guarantee that all strings are null-terminated
STR34-C. Do not truncate strings while copying
References
- ISO/IEC 9899-1999 Section 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>
- Seacord 05 Chapter 2 Strings