Objective-C : Incorrect C-string usage

Classification

OWASP Mobile Top 10 2016

M7-Poor Code Quality

PCI DSS 4.0

6.2.4

CWE

CWE-125 CWE-787

CWE/SANS Top 25 2021

CWE-125 CWE-787

Overview

C-string is used incorrectly. Examples of incorrect use: intersecting buffers when copying, going beyond the bounds of the buffer, not null-terminated string as an argument.

Objective C language is a strict superset of C; all C constructions may be used in Objective C. C language does not provide automatic protection against memory errors. Therefore, you must ensure that all C constructions are used correctly when using C API.

References

Creating and Converting String Objects - developer.apple.com
Mobile Top 10 2016-M7-Poor Code Quality

MEDIUM

Objective-C : Incorrect C-string usage

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Objective-C : Incorrect C-string usage in your application?

See also

Objective-C : Internal information leak

Objective-C : Weak hashing algorithm

Objective-C : Unsafe reflection