Suspicious sizeof() in strncpy, strncat, or memcpy CXX-S1016
Security
Major
cwe-467
Using sizeof() on pointers would return the complete size of the pointer only if it's from the local scope.
Hence consider using strlen over sizeof to get the size of the desired string
if possible. If you are performing the copy over memory, you can use capacity
search, but it may be fallible.
Generally, prefer taking the size of the expected variables as function arguments.
Bad practice
void cpy(const char* src, const char* dst) {
memcpy(dst, src, sizeof(dst));
}
Recommended
void cpy(const char* src, const char* dst, size_t src_size, size_t dst_size) {
memcpy(dst, src, min(src_size, dst_size));
}