The standard C library's string handling functions are a rich source of potential errors, since they do very little checking on the bounds of the objects being manipulated.

Insure++ detects problems such as overwriting the end of a buffer as described in Memory Corruption. Another common problem is caused by trying to work with strings that are not null-terminated, as in the following example:

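/*
 * File: readovr2.c 
 */
#include <stdio.h>
#include <string.h>

int main(void)
{
	char junk;
	char b[8], c[8];
	strncpy(b, "This is a test",
		sizeof(b));	/* source exceeds 8 bytes: no terminator is written */
	memset(c, 0, sizeof(c));
	printf("%s\n", b);	/* reads past the end of b */
	return (0);
}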

This program attempts to copy the string This is a test into a buffer that is only eight characters long. Although it uses strncpy to avoid overwriting its buffer, the resulting copy is not null-terminated: the source is longer than the buffer, so strncpy fills all eight bytes and never writes the terminating null character. Insure++ detects this problem in line 10 when the call to printf tries to print the string.
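The corrected counterpart to readovr2.c, as an added example that is not part of the Insure++ documentation: a check that a buffer is terminated within its bounds, and a bounded copy that always terminates and reports truncation. The helper names is_terminated and copy_terminated are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if buf holds a terminator within its
 * first size bytes, else 0. Never reads beyond buf[size - 1]. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/*
 * Hypothetical helper: copies src into dst (capacity size) and always
 * terminates dst. Returns 0 if src fit, 1 if it was truncated,
 * -1 on invalid arguments.
 */
int copy_terminated(char *dst, size_t size, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || size == 0)
        return -1;
    len = strlen(src);
    if (len >= size) {
        memcpy(dst, src, size - 1);   /* keep one byte for the terminator */
        dst[size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);        /* len + 1 includes the terminator */
    return 0;
}

int main(void)
{
    char b[8];

    /* Same call as readovr2.c: fills all 8 bytes, writes no terminator. */
    strncpy(b, "This is a test", sizeof(b));
    if (!is_terminated(b, sizeof(b)))
        printf("%.*s (unterminated)\n", (int)sizeof(b), b);  /* bounded print */

    /* Bounded copy that guarantees termination and flags the truncation. */
    if (copy_terminated(b, sizeof(b), "This is a test") == 1)
        printf("%s (truncated)\n", b);
    return 0;
}
```

The "%.*s" precision caps how many bytes printf reads, so the unterminated buffer can be printed without running past its end.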
