MISRA C:2023 Rule 21.17

Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters

Since R2024a

Description

Rule Definition

Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters.

This rule comes from MISRA C™: 2012 Amendment 1.

Rationale

Incorrect use of a string handling function might result in a read or write access beyond the bounds of the objects that its pointer arguments reference. Such an out-of-bounds access is undefined behavior.

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

#include <stdio.h>
#include <string.h>

char string[] = "Short";                 /* 6 bytes: "Short" plus the null terminator */
void f1(const char* str)
{
    (void) strcpy(string, "Too long to fit");      /* Non-compliant: writes 16 bytes into a 6-byte array */
    if (strlen(str) < (sizeof(string) - 1u)) {     /* str and its terminator fit in string */
        (void) strcpy(string, str);      /* Compliant */
    }
}

size_t f2(void)
{
    char text[5] = "Token";              /* 5 characters fill the array; no room for a terminator */
    return strlen(text);    /* Non-compliant: reads past the end of text looking for '\0' */
}

In this example:

  • The first use of strcpy is noncompliant because it attempts to write beyond the end of its destination argument string. The array string holds 6 bytes ("Short" plus the null terminator), but "Too long to fit" requires 16 bytes, so strcpy writes 10 bytes past the end of the array.

  • The second use of strcpy is compliant because it writes to the destination argument string only if the source argument str fits. The condition strlen(str) < sizeof(string) - 1u admits at most 4 characters plus the terminator, so at most 5 of the 6 available bytes are written. (A check of strlen(str) < sizeof(string) would already be sufficient; the check shown is one byte more conservative than necessary.)

  • The use of strlen is noncompliant. strlen computes the length of a string by reading until it finds the null terminator. The character array text has 5 elements and is initialized with the 5-character literal "Token", which C permits, so no null terminator is stored in the array. strlen therefore reads beyond the bounds of text.
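The following is an added example, not code from the page or from MathWorks, showing how the two situations above can be handled so that no <string.h> call accesses memory outside the objects its pointer parameters reference. The names bounded_copy, bounded_length and is_terminated are illustrative. The copy function checks the source length against the destination size before any write and uses memcpy with an exact byte count, which is the bound strlen(str) < sizeof(string) - 1u from the example, relaxed by one byte to the exact limit; the length functions use memchr, whose third argument bounds the read, so they are safe even on an array with no terminator such as text[5]. The only assumption is that the source of bounded_copy is itself a null-terminated string, since strlen is applied to it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Copy src into dst[dst_size] only if src and its null terminator fit.
   Returns true on success. On failure dst is left untouched, so it keeps
   whatever (terminated) contents it had before.
   Assumption: src is a properly null-terminated string. */
bool bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if ((dst == NULL) || (src == NULL) || (dst_size == 0u)) {
        return false;
    }
    len = strlen(src);             /* reads only within src (terminated by assumption) */
    if (len >= dst_size) {         /* need len + 1 bytes, including the terminator */
        return false;
    }
    (void) memcpy(dst, src, len + 1u);   /* exact count: cannot write past dst */
    return true;
}

/* Length of the string stored in buf[buf_size], or buf_size when no null
   terminator is present within the bounds. memchr never reads more than
   buf_size bytes, so this is compliant for an unterminated array. */
size_t bounded_length(const char *buf, size_t buf_size)
{
    const char *nul;

    if ((buf == NULL) || (buf_size == 0u)) {
        return 0u;
    }
    nul = (const char *) memchr(buf, '\0', buf_size);
    return (nul == NULL) ? buf_size : (size_t) (nul - buf);
}

/* True when buf[buf_size] contains a null terminator, i.e. when passing
   buf to strlen, strcpy or similar would stay within the array. */
bool is_terminated(const char *buf, size_t buf_size)
{
    if ((buf == NULL) || (buf_size == 0u)) {
        return false;
    }
    return memchr(buf, '\0', buf_size) != NULL;
}

/* The two cases from the page's example, expressed with the bounded helpers.
   Returns the length that strlen would have tried to compute for text[5],
   but computed without reading beyond the array. */
size_t example_lengths(void)
{
    char string[] = "Short";       /* 6 bytes including the terminator */
    char text[5] = "Token";        /* constructed: no terminator stored */

    (void) bounded_copy(string, sizeof(string), "Too long to fit");  /* rejected, string unchanged */
    (void) bounded_copy(string, sizeof(string), "Tiny");             /* accepted */

    return bounded_length(text, sizeof(text));                       /* 5, not an overread */
}
```

Checking is_terminated before calling strlen or strcpy on a buffer of uncertain origin, and routing every copy through a size-checked wrapper such as bounded_copy, is the practical way to make the rule hold across a code base rather than relying on a length check at each call site.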

Check Information

Group: Standard libraries
Category: Mandatory
AGC Category: Mandatory

Version History

Introduced in R2024a