CERT
 
 

Managed String Library

The managed string library was developed in response to the need for a string library that can improve the quality and security of newly developed C-language programs while eliminating obstacles to widespread adoption and possible standardization. As the name implies, the managed string library is based on a dynamic approach; memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring that there is always adequate space available for the resulting string (including the terminating null character). The one exception is if memory is exhausted; that is treated as an error condition. In this way, the managed string library accomplishes the goal of indicating either success or failure. The managed string library also protects against improper data sanitization by (optionally) ensuring that all characters in a string belong to a predefined set of "safe" characters.
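The sketch below is an added example, not code from the managed string library or its API. It shows the approach described above in miniature: the buffer is reallocated before every append so the result always fits with its terminator, memory exhaustion is reported as an error rather than causing truncation, and an optional set of safe characters is enforced. The names `mstr`, `mstr_init`, `mstr_append` and `mstr_free` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for illustration; not the library's own string type. */
typedef struct {
    char *data;          /* null-terminated whenever non-NULL */
    size_t len;          /* length, excluding the terminator */
    size_t cap;          /* bytes allocated, including the terminator */
    const char *charset; /* permitted characters, or NULL for no restriction */
} mstr;

/* Append src (which must not point into s->data). Returns 0 on success or an
 * errno value on failure; on failure the managed string is left unchanged. */
int mstr_append(mstr *s, const char *src) {
    if (s == NULL || src == NULL) return EINVAL;
    size_t n = strlen(src);
    /* Optional sanitization: reject input with a character outside the set. */
    if (s->charset != NULL && strspn(src, s->charset) != n) return EINVAL;
    if (n > SIZE_MAX - s->len - 1) return ENOMEM;   /* size would wrap */
    size_t need = s->len + n + 1;                   /* room for the '\0' */
    if (need > s->cap) {
        size_t ncap = (s->cap > SIZE_MAX / 2) ? need : s->cap * 2;
        if (ncap < need) ncap = need;
        char *p = realloc(s->data, ncap);
        if (p == NULL) return ENOMEM;   /* exhaustion: error, old data intact */
        s->data = p;
        s->cap = ncap;
    }
    memcpy(s->data + s->len, src, n + 1);   /* copies the terminator too */
    s->len += n;
    return 0;
}

/* Create a managed string from initial (may be NULL) with an optional charset. */
int mstr_init(mstr *s, const char *initial, const char *charset) {
    if (s == NULL) return EINVAL;
    s->data = NULL; s->len = 0; s->cap = 0; s->charset = charset;
    return mstr_append(s, initial != NULL ? initial : "");
}

void mstr_free(mstr *s) {
    if (s != NULL) { free(s->data); s->data = NULL; s->len = s->cap = 0; }
}
```

Every call returns a status the caller must check, which is how the dynamic approach reports either success or failure instead of silently truncating.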

Accessing the library

A beta implementation of the managed string library is available for download.

Additional information

The following documents contain more detailed information about this project:

Revision History

Version 3.7-01-09 includes the following changes:

  • Fixed to run properly on Mac OS X

Version 3.2-17-09 includes the following changes:

  • Fixes proposed by Yannick Moy based on Frama-C and Coverity output
  • Fixes based on ROSE output
  • Fixes based on MSVC 'analyze' command
  • Minimized warnings from gcc
  • Minimized warnings from MSVC
  • Eliminated memory leaks from 'test' program according to valgrind
  • Added 'test.ans' file, contains expected output of test program


Last updated September 24, 2009