Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Rule 18-0-5 scope
#1
Does this rule apply to memcpy as well?
The heading of the rule uses the generic term functions while the body of the rule explicitly lists all string functions -> confusing!
So, since memcpy is declared in the heading would fit here, while the body does not.
Nevertheless, since memcpy_s etc. is not available in C99/C++03 i think a deviation with reason "code quality/portability" would be justified.
Do you agree?
<t></t>
Reply
#2
Isn't null termination the key point here?

Each of the listed functions depends on finding a null character to terminate the input string, making it vulnerable to overrun errors (or attacks). That's what is meant by "unbounded" in this rule. I believe the other functions all require an explicit length.

- Stephen
<t></t>
Reply
#3
swestin Wrote:Isn't null termination the key point here?

Each of the listed functions depends on finding a null character to terminate the input string, making it vulnerable to overrun errors (or attacks). That's what is meant by "unbounded" in this rule. I believe the other functions all require an explicit length.

- Stephen
If so, then the heading should be changed to
Quote:The unbounded string functions of library shall not be used
<t></t>
Reply
#4
The rational is about unterminated strings (e.g. use of strcpy) and requires the use of "a safe string handling library".

As memcpy is not unbounded (you provide the number of characters to copy) and its not one of the functions listed in the rationale, the answer is No
Posted by and on behalf of
the MISRA C++ Working Group
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)