Built-in C string functions such as strcat require that their input string arguments are null terminated. If the input string arguments are not null terminated, these functions will read/write beyond the length of the buffer containing the string, resulting in either buffer over-read or buffer
Review the code and consider whether the variable that holds the string should have an initializer or whether some path through the program fails to null terminate the string.
The destination variable dest used in the call to does not (necessarily) contain a null terminator. Consequently, the call to may result in a buffer overflow.
In the revised example, dest is properly null terminated before the call to
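The pattern described above, as an added example that is not the page's own code: an append helper that refuses a dest with no terminator inside its capacity, next to the unsafe strcat form (kept out of the build). The names greet_unsafe, checked_append and greet, the buffer sizes and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe form, excluded from the build: dest is never initialized, so
 * strcat searches past the array for a terminator before it writes. */
#if 0
void greet_unsafe(const char *name) {
    char dest[32];
    strcat(dest, "Hello, ");
    strcat(dest, name);
}
#endif

/* Append src to dest (capacity cap bytes). Returns 0 on success, -1 if dest
 * has no terminator inside cap or src plus its terminator would not fit. */
int checked_append(char *dest, size_t cap, const char *src) {
    const char *end = memchr(dest, '\0', cap);
    if (end == NULL)
        return -1;                       /* unterminated: strcat would overrun */
    size_t used = (size_t)(end - dest);
    size_t need = strlen(src);
    if (need >= cap - used)
        return -1;                       /* result would not fit */
    memcpy(dest + used, src, need + 1);  /* copies src's terminator too */
    return 0;
}

/* Hardened form: terminate dest before the first append. */
int greet(char *dest, size_t cap, const char *name) {
    if (cap == 0)
        return -1;
    dest[0] = '\0';
    if (checked_append(dest, cap, "Hello, ") != 0)
        return -1;
    return checked_append(dest, cap, name);
}

int main(void) {
    char raw[16], out[16];
    memset(raw, 'A', sizeof raw);        /* constructed: buffer with no '\0' */
    printf("unterminated dest: %d\n", checked_append(raw, sizeof raw, "x"));
    printf("greet: %d \"%s\"\n", greet(out, sizeof out, "Bob"), out);
    return 0;
}
```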