SafeStringLib -- A C Library of buffer and string manipulation routines that help protect against buffer overflows


About SafeStringLib
English (USA)

The Secure Development Lifecycle (SDL) recommends banning certain C Library functions because they directly contribute to security vulnerabilities such as buffer overflows. However routines for the manipulation of strings and memory buffers are common in software and firmware, and are essential to accomplish certain programming tasks. Safer replacements for these functions that avoid or prevent serious security vulnerabilities (e.g. buffer overflows, string format attacks, conversion overflows/underflows, etc.) are available in the SafeString Library.
This library includes routines for safe string operations (like strcpy) and memory routines (like memcpy) that are recommended for Linux/Android operating systems, and will also work for Windows. This library is especially useful for cross-platform situations where one library for these routines is preferred.

The Safe String Library is based on the Safe C Library by Cisco, and includes replacement C Library functions for the SDL banned functions, as well as a number of additional useful routines that are also susceptible to buffer overflows.
The Safe String Library was extended by Intel's Security Center of Excellence (SeCoE) to add additional routines.
This list is moderated by developers actively working on the Safe String Library, and handles questions regarding the use, recommended enhancements, and defects found in the Safe String Library.

To see the collection of prior postings to the list, visit the SafeStringLib Archives.

Using SafeStringLib
To post a message to all the list members, send email to

You can subscribe to the list, or change your existing subscription, in the sections below.

Subscribing to SafeStringLib

Subscribe to SafeStringLib by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a hidden list, which means that the list of members is available only to the list administrator.

    Your email address:  
    Your name (optional):  
    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.
    Pick a password:  
    Reenter password to confirm:  
    Which language do you prefer to display your messages? English (USA)  
    Would you like to receive list mail batched in a daily digest? No Yes
SafeStringLib Subscribers
(The subscribers list is only available to the list administrator.)

Enter your admin address and password to visit the subscribers list:

Admin address: Password:   

To unsubscribe from SafeStringLib, get a password reminder, or change your subscription options enter your subscription email address:

If you leave the field blank, you will be prompted for your email address

SafeStringLib list run by safestringlib-owner at
SafeStringLib administrative interface (requires authorization)
Overview of all mailing lists

Delivered by Mailman
version 2.1.29
Python Powered GNU's Not Unix

HTML: Privacy Policy

The site and any sub-site of follow the standard Intel privacy policy located here: We don't require that you provide personal information except your email address for mailing list subscriptions. Any other personal information voluntarily given will not be used outside the site.

FAQ About Subscribing