Correctly Printing STAFString

By Susam Pal on 04 Jun 2010

At RSA, we use Software Testing Automation Framework (STAF) to automate testing our products. Recently, I ran into a bug that occurred due to STAFResult::STAFString not being null-terminated. Here is an example C++ program that demonstrates the issue:

#include <iostream>
#include <string>
using namespace std;

#include "STAF.h"
#include "STAFString.h"

int main(int argc, char **argv)
    STAFString name("foo");
    STAFHandlePtr handle;

    int rc = STAFHandle::create(name, handle);
    if (rc != 0) {
        std::cerr << "Could not create STAF handle; error code: "
                  << rc << endl;
        return 1;

    STAFResultPtr result = handle->submit("", "VAR",
                                          "RESOLVE STRING {STAF/Env/DUMMY}");
    if (result->rc != 0) {
        std::cerr << "Could not run STAF command; error code: "
                  << rc << "\n";
        return 1;

    STAFString output = result->result;
    std::cout << "Output: " << output.buffer() << "\n";

Here is an example output of the above program:

C:\>echo %DUMMY%
Output: Why__does__it__break/Env/DUMMY}}

The substring /Env/DUMMY at the end of the output is garbage. The result is not null-terminated in the output buffer. Here is the correct way to print the output:

std::cout << "Output: " << string(output.buffer(), output.length()) << "\n";