V692. An inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, a string ending with a null terminator should be used in the first place.


The analyzer has detected an interesting error pattern. To write a terminating null at the end of a string, the programmer uses the strlen() function to calculate the string's length. The result is unpredictable, because strlen() works properly only on a string that is already null-terminated.

For example:

char *linkname;
....
linkname[strlen(linkname)] = '\0';

This code doesn't make any sense: the null terminator is written into the very cell where strlen() found the 0. At the same time, the strlen() function may read far beyond the buffer, leading to undefined behavior.

To fix the code, we should use some other method to calculate the string length:

char *linkname;
size_t len;
....
linkname[len] = '\0';
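
An added example of the fix above, not taken from the analyzer documentation: the length comes from the function that filled the buffer, and one byte is reserved for the terminator. `fill_unterminated` is a hypothetical stand-in for an API that, like readlink(2), does not write a null terminator; the paths are constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an API that, like readlink(2), copies up to
 * cap bytes into buf and returns the count without writing a '\0'. */
static size_t fill_unterminated(char *buf, size_t cap, const char *data, size_t n)
{
    size_t copied = n < cap ? n : cap;
    memcpy(buf, data, copied);
    return copied;
}

/* Terminate with the length the producer reported, never with strlen().
 * One byte is reserved for the terminator, so long input is truncated.
 * Returns the string length, or (size_t)-1 if buf cannot hold a '\0'. */
size_t read_terminated(char *buf, size_t bufsize, const char *data, size_t n)
{
    if (buf == NULL || bufsize == 0)
        return (size_t)-1;
    size_t len = fill_unterminated(buf, bufsize - 1, data, n);
    buf[len] = '\0';            /* len <= bufsize - 1: always in bounds */
    return len;
}

/* Constructed input: data that fits, in a buffer pre-filled with non-zero
 * bytes so that a strlen()-based "terminator" would have run off the end. */
int demo_fits(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    size_t len = read_terminated(buf, sizeof buf, "/tmp/ab", 7);
    return len == 7 && strcmp(buf, "/tmp/ab") == 0;
}

/* Constructed input: data longer than the buffer is cut to bufsize - 1. */
int demo_truncated(void)
{
    char buf[4];
    memset(buf, 'X', sizeof buf);
    size_t len = read_terminated(buf, sizeof buf, "/very/long/target", 17);
    return len == 3 && strcmp(buf, "/ve") == 0;
}

int main(void)
{
    printf("fits=%d truncated=%d\n", demo_fits(), demo_truncated());
    return 0;
}
```

A caller that must distinguish truncation from a complete read can compare the returned length with the length it expected.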

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-788.

You can look at examples of errors detected by the V692 diagnostic.

