This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Strings and Integers"
Line 18: | Line 18: | ||
#Off-by-one errors` | #Off-by-one errors` | ||
− | Some of the issues mentioned above have been covered in the buffer | + | Some of the issues mentioned above have been covered in the "Reviewing code buffer overflows and overruns" section previously in this guide. |
Revision as of 18:01, 6 November 2007
Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character The length of the string is the amount of characters which preseed the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string These classes address some security issues but not all.
|W|E|L|C|O|M|E|\0|
Common String Errors
Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues. C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined.
Common issues include:
- Input validation errors
- Unbounded Errors
- Truncation issues
- Out-of-bounds writes
- String Termination Errors
- Off-by-one errors`
Some of the issues mentioned above have been covered in the "Reviewing code buffer overflows and overruns" section previously in this guide.