ansaurus

Question

Answer 1

+8 A:

'\0' is a "null character". It's used to terminate strings in C and some portions of C++. Pex is doing a test to see how your code handles the null character, likely looking for the Poison Null Byte security exploit.

Most C# code has nothing to fear; if you pass your string to unmanaged code, however, you may have problems.

Edit:

Just to be explicit... Pex is passing a string containing a null character. This is not a null reference.

Randolpho 2010-02-18 22:56:10

Note that a NULL string IS NOT the same as an empty string. From the MSDN article: "By contrast, a null string does not refer to an instance of a System.String object and any attempt to call a method on a null string results in a NullReferenceException. However, you can use null strings in concatenation and comparison operations with other strings. The following examples illustrate some cases in which a reference to a null string does and does not cause an exception to be thrown"

jfawcett 2010-02-18 23:00:15

Answer 2

+2 A:

It's a string containing the character '\0'. C# doesn't treat this in any particularly special way - it's just unicode character U+0000. If you write:

int firstCodePoint = text[0];

then you'll find firstCodePoint is 0.

Jon Skeet 2010-02-18 22:56:11

Answer 3

+2 A:

Joel Coehoorn 2010-02-18 22:56:56

Eh.... I can't bring myself to -1 this one, but it looks like you're implying that C# strings are null terminated. They are not.

Randolpho 2010-02-18 22:59:41

@Randolpho "Newer environments like .Net use a different system" -- seems to me I'm implying the exact opposite.

Joel Coehoorn 2010-02-18 23:01:50

Yep. I'm not sure how anything like that is implied.

Andrew Backer 2010-02-18 23:05:35

I guess I'm getting hung up on your first sentence. The asker is clearly using .NET. Pex is *not* passing a string with an "extra null character", it is passing a string that contains a single null character. "extra null character" implies that there are two null characters, one in the string and one terminating the string. This is not the case. I'm not dinging on it because it's not explicit like @mobrule's was, but it's pretty heavily implied to me.

Randolpho 2010-02-18 23:05:51

The more I think about it... the rest of the answer is fine. I'm thinking I'm just gonna edit that first sentence and +1 you. :)

Randolpho 2010-02-18 23:11:22

Answer 4

+2 A:

A string of length 1, containing the character \u0000 (aka NUL). This character is not treated specially.

In C, which uses \0 to terminate string, you also allocate a string of length 1. In this case the standard string functions will report a length of 0, since the string contains \0 as well as being terminated with it. You could safely modify str[0], or strncat a single character into it.

Lachlan Roche 2010-02-18 22:57:12

ansaurus

tags:

views:

answers:

C# - What does "\0" equate to?

related questions