PREfast Warning 53 (Windows CE 5.0)
53 - Call to <function> may not zero-terminate string <variable>.
This warning indicates that the specified function (for example, strncpy) was called in such a way that the resulting string might not be zero terminated. This defect can result in an exploitable buffer overrun or crash.
Most C standard library and Win32 string handling functions require and produce zero-terminated strings.
Some counted-string functions, such as strncpy, wcsncpy, _mbsncpy, _snprintf, _snwprintf, mbstowcs, and wcstombs, do not produce zero-terminated strings if they exactly fill their buffer. In these cases, a subsequent call to a string function that expects to see a zero termination will result in a buffer overrun as the function seeks a zero-terminator.
To avoid this, ensure the string ends with a zero. One useful approach is to pass a length to the counted-string function that is one smaller than the size of the buffer and then explicitly assign zero to the last character in the buffer.
Note: PREfast can sometimes report this warning on certain idioms guaranteed to be safe in practice. Because of the frequency and potential consequences of this defect, PREfast acts in favor of finding potential issues rather than its normal bias of reducing noise.
Example
Defective Source
char buff[_MAX_PATH];
strncpy(buff, input, _MAX_PATH); // If strlen(input) >= _MAX_PATH,
// buff will not be zero terminated.
return strlen(buff); // Program could potentially crash here.
Corrected Source
char buff[_MAX_PATH];
strncpy(buff, input, _MAX_PATH - 1);
buff[_MAX_PATH - 1] = 0;
return strlen(buff); // Construction will be zero terminated.
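The difference between the two patterns above can be checked without reading past the buffer. The following is an added example, not part of the original topic; the helper names is_terminated, copy_flagged and copy_terminated are hypothetical, and a constructed 8-byte buffer stands in for _MAX_PATH.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size-1] contains a zero terminator, else 0.
   memchr is bounded, so this check never reads past the buffer. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, 0, size) != NULL;
}

/* The flagged pattern: the count equals the full buffer size. */
void copy_flagged(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
}

/* The corrected pattern from this topic, plus a truncation report.
   Returns 0 if src fit, 1 if it was truncated, -1 for a zero-size buffer. */
int copy_terminated(char *dst, size_t size, const char *src)
{
    if (size == 0)
        return -1;
    strncpy(dst, src, size - 1);
    dst[size - 1] = 0;
    return strlen(src) > size - 1;
}

int main(void)
{
    char buf[8];
    const char *exact = "ABCDEFGH"; /* constructed input: 8 chars, fills buf exactly */

    memset(buf, 'x', sizeof buf);
    copy_flagged(buf, sizeof buf, exact);
    printf("flagged:   terminated=%d\n", is_terminated(buf, sizeof buf));

    memset(buf, 'x', sizeof buf);
    int truncated = copy_terminated(buf, sizeof buf, exact);
    printf("corrected: terminated=%d truncated=%d value=%s\n",
           is_terminated(buf, sizeof buf), truncated, buf);
    return 0;
}
```

Reporting truncation lets the caller reject an over-long input instead of silently working with a shortened string.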