Specifications for Managed Strings, Second Edition

May 2010 • Technical Report

Hal Burch, Fred Long, Raunak Rungta, Robert C. Seacord, David Svoboda

In this report, the authors describe a managed string library for the C programming language.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2010-TR-018

DOI (Digital Object Identifier):

10.1184/R1/6584285.v1

Subjects

Abstract

This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of manipulation functions for standard C strings. Programming errors common to string-manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. The CERT Program, which is part of the Carnegie Mellon Software Engineering Institute, provides a proof-of-concept implementation of the managed string library on its Secure Coding web pages.

Download PDF

Cite This Report

SEI

Burch, Hal; Long, Fred; Rungta, Raunak; Seacord, Robert; & Svoboda, David. Specifications for Managed Strings, Second Edition. CMU/SEI-2010-TR-018. Software Engineering Institute, Carnegie Mellon University. 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531

IEEE

Burch. Hal, Long. Fred, Rungta. Raunak, Seacord. Robert, and Svoboda. David, "Specifications for Managed Strings, Second Edition," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2010-TR-018, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531

APA

Burch, Hal., Long, Fred., Rungta, Raunak., Seacord, Robert., & Svoboda, David. (2010). Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018). Retrieved June 09, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531

CHI

Hal Burch, Fred Long, Raunak Rungta, Robert Seacord, & David Svoboda. Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531

MLA

Burch, Hal., Long, Fred., Rungta, Raunak., Seacord, Robert., & Svoboda, David. 2010. Specifications for Managed Strings, Second Edition (Technical Report CMU/SEI-2010-TR-018). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531

BibTex

@techreport{BurchSpecificationsfor2010,
title={Specifications for Managed Strings},
edition={Second},
author={Hal Burch and Fred Long and Raunak Rungta and Robert Seacord and David Svoboda},
year={2010},
number={CMU/SEI-2010-TR-018},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9531} }

Ask a question about this Technical Report

Software Engineering Institute