SEI CERT C Coding Standard

Space shortcuts

Page tree

Title: STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator  
Author: Admin May 24, 2006
Last Changed by: David Svoboda May 19, 2023
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/sNUxBQ
Export As: Word · PDF  
Incoming Links
SEI CERT C++ Coding Standard (1)
    Page: STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
Android (1)
    Page: Applicable in Principle to Android (C Rules/Recomendations)
SEI CERT C Coding Standard (4)
    Page: ENV01-C. Do not make assumptions about the size of an environment variable
    Page: API01-C. Avoid laying out strings in memory directly before sensitive data
    Page: EXP33-C. Do not read uninitialized memory
    Page: MEM35-C. Allocate sufficient memory for an object
Hierarchy
Parent Page
    Page: Rule 07. Characters and Strings (STR)
Labels
Global Labels (17)
Recent Changes
Time Editor  
May 19, 2023 09:03 Jill Britton View Changes
prevent integer wrapping
Apr 20, 2023 05:20 Jill Britton View Changes
Jan 19, 2023 09:06 Jill Britton View Changes
Jan 18, 2023 11:47 Jill Britton View Changes
Oct 27, 2022 16:54 David Svoboda  
Outgoing Links
External Links (39)
    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
    https://wiki.sei.cmu.edu/confluence/display/c/MEM00-C.+Allo…
    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
    https://cwe.mitre.org/data/definitions/125.html
    https://www.mathworks.com/help/bugfinder/ref/certcrulestr31…
    https://pvs-studio.com/en/docs/warnings/v755/
    https://wiki.sei.cmu.edu/confluence/display/c/AA.+Bibliogra…
    web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0587
    cwe.mitre.org/data/definitions/120.html
    web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1252
    cwe.mitre.org/data/definitions/119.html
    cwe.mitre.org/
    https://wiki.sei.cmu.edu/confluence/display/c/MSC24-C.+Do+n…
    https://www.securecoding.cert.org/confluence/display/seccod…
    https://wiki.sei.cmu.edu/confluence/display/c/FIO34-C.+Dist…
    xorl.wordpress.com/2009/06/10/cve-2009-0587-evolution-data-…
    https://pvs-studio.com/en/docs/warnings/v518/
    xorl.wordpress.com/2009/06/10/freebsd-sa-0911-ntpd-remote-s…
    https://www.securecoding.cert.org/confluence/display/seccod…
    https://taas.trust-in-soft.com/tsnippet/t/144ae03a
    https://pvs-studio.com/en/docs/warnings/v645/
    https://cwe.mitre.org/data/index.html
    https://wiki.sei.cmu.edu/confluence/display/c/How+this+Codi…
    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
    https://wiki.sei.cmu.edu/confluence/display/c/STR07-C.+Use+…
    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
    https://www.securecoding.cert.org/confluence/display/seccod…
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-315…
    https://www.kb.cert.org/vulnotes/bymetric?searchview&query=…
    https://cwe.mitre.org/data/index.html676.html
    https://cwe.mitre.org/data/definitions/123.html
    https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Co…
    https://wiki.sei.cmu.edu/confluence/display/c/Polyspace+Bug…
    https://wiki.sei.cmu.edu/confluence/display/c/STR03-C.+Do+n…
    https://www.bleepingcomputer.com/news/security/new-linux-su…
    https://pvs-studio.com/en/docs/warnings/v727/
    https://wiki.sei.cmu.edu/confluence/display/c/PVS-Studio
    https://www.securecoding.cert.org/confluence/display/seccod…
    https://wiki.sei.cmu.edu/confluence/display/c/AA.+Bibliogra…
SEI CERT C Coding Standard (34)     Page: AA. Bibliography
    Page: Splint_V
    Page: TrustInSoft Analyzer
    Page: ARR38-C. Guarantee that library functions do not form invalid pointers
    Page: STR07-C. Use the bounds-checking interfaces for string manipulation
    Page: MEM31-C. Free dynamically allocated memory when no longer needed
    Page: Helix QAC_V
    Page: Astrée
    Page: Axivion Bauhaus Suite_V
    Page: CodeSonar_V
    Page: STR03-C. Do not inadvertently truncate a string
    Page: ERR02-C. Avoid in-band error indicators
    Page: Helix QAC
    Page: Astrée_V
    Home page: SEI CERT C Coding Standard
    Page: MSC24-C. Do not use deprecated or obsolescent functions
    Page: CodeSonar
    Page: Polyspace Bug Finder_V
    Page: Parasoft_V
    Page: ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
    Page: BB. Definitions
    Page: MEM35-C. Allocate sufficient memory for an object
    Page: Klocwork_V
    Page: FIO34-C. Distinguish between characters read from a file and EOF or WEOF
    Page: PVS-Studio_V
    Page: PC-lint Plus
    Page: Parasoft
    Page: Coverity_V
    Page: Klocwork
    Page: LDRA_V
    Page: PC-lint Plus_V
    Page: TrustInSoft Analyzer_V
    Page: Axivion Bauhaus Suite
    Page: void CERT C Rules implemented in the LDRA tool suite