JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++
Binaries

MISC.MEM.NTERM.CSTRING : Unterminated C String

Summary

A buffer is used as a C string, but does not contain a NULL terminating character.

Properties

Class Name Unterminated C String
Significance security
Mnemonic MISC.MEM.NTERM.CSTRING
Categories
MisraC2025 MisraC2025:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
MisraC2023 MisraC2023:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
Misra2012 Misra2012:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
AUTOSARC++14 AUTOSARC++14:A27-0-2 A C-style string shall guarantee sufficient space for data and the null terminator.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:4.1.3 There shall be no occurrence of undefined or critical unspecified behaviour
CWE CWE:170 Improper Null Termination
TS17961 TS17961:5.30-nonnullstr Passing a non-null-terminated string to a library function
CERT-C CERT-C:POS30-C Use the readlink() function properly
  CERT-C:STR32-C Do not pass a non-null-terminated character sequence to a library function that expects a string
Availability Available for C and C++.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += discard class="Unterminated C String"

Example 

#include <string.h>
#include <stdlib.h>

void f(void)
{
    char buf[10];
    char buf2[10];
    const char *val = getenv("foo");
    if( !val )
        return;
    strncpy( buf, val, sizeof(buf) - 1 );
    strcpy( buf2, buf ); // Warning issued here because strncpy didn't terminate
}

Triggering Functions

CodeSonar ships with library models that allow it to recognize a large number of functions that have undefined or undesirable behavior when passed an unterminated string. Some examples are shown in the table below. If one of these functions is called with an unterminated string in the relevant parameter position, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Unterminated C String warnings.

The functions that CodeSonar considers to be capable of outputting unterminated strings are described below.

Functions that can trigger warnings include...
Apache Portable Runtime (APR) apr_cpystrn(), apr_pmemdup()
gcc Builtins __builtin___fprintf_chk(), __builtin___memcpy_chk(), __builtin___strncat_chk()
LDAP ldap_search_ext()
libc execl(), fprintf(), strcat()
libintl dcgettext(), textdomain()
libpq PQexec(), PQprepare()
Mac OS X copyin()
ODBC SQLExecDirectA(), SQLExecDirectUNIX(), SQLExecDirectW()
OpenSSL CRYPTO_strdup()
Qt fatal, qMemCopy()
C++ Standard Template Library (STL) __throw_domain_error(), __throw_invalid_argument()
Win32 PathResolve(), UnicodeToBytes(), wcscpy(),

Functions That Can Produce Unterminated Strings

CodeSonar ships with library models that allow it to recognize a large number of functions that are capable of outputting unterminated strings. Some examples are shown in the table below.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be treated as outputting unterminated strings in the same circumstances.

Additionally, CodeSonar may determine that directly writing non-NULL characters into a string has caused the string to be unterminated.

Functions that can output an unterminated string include...
Apache Portable Runtime (APR) apr_cpystrn(), apr_pmemdup()
C++ operators operator new()
FreeRTOS pvPortMalloc()
gcc Builtins __builtin___memcpy_chk(), __builtin___strncpy_chk()
libc copylist(), memcpy(), strdup()
Linux Kernel copy_from_user(), kmalloc()
Mac OS X copyin(), kalloc()
Nucleus DMCE_Allocate_Memory(), PMCE_Create_Partition_Pool()
ODBC SQLNativeSqlA(), SQLNativeSqlUNIX(), SQLNativeSqlW()
OpenSSL CRYPTO_malloc(), CRYPTO_strdup()
Qt qMalloc(), qMemCopy()
VxWorks memPartAlignedAlloc(), msgQCreate()
Win32 GlobalAlloc(), _fsopen(), wcsncpy()

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.