This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Strings and Integers"
| Line 16: | Line 16: | ||
#Out-of-bounds writes | #Out-of-bounds writes | ||
#String Termination Errors | #String Termination Errors | ||
| − | #Off-by-one errors | + | #Off-by-one errors` |
| + | |||
| + | Some of the issues mentioned above have been covered in the buffer overflow sections previously in this guide. | ||
Revision as of 17:57, 6 November 2007
Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character The length of the string is the amount of characters which preseed the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string These classes address some security issues but not all.
|W|E|L|C|O|M|E|\0|
Common String Errors
Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues. C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined.
Common issues include:
- Input validation errors
- Unbounded Errors
- Truncation issues
- Out-of-bounds writes
- String Termination Errors
- Off-by-one errors`
Some of the issues mentioned above have been covered in the buffer overflow sections previously in this guide.
