The attached code, developed by a junior developer, has several issues and is not functioning as expected. The desired functionality of the program is to allow a user to select from several choices on a menu. After the user selects the “Exit” option from the menu, the program will populate a password with ‘1’s and then display the value of the password. The program also captures a character so the screen can stay paused for review before exiting. Below are screen shots for a successful program execution.

Unfortunately, not only are there security issues, but the code you are provided also doesn’t work as expected.

Carefully review the code and perform analysis as needed. Consider the following rules, recommendations, and hints for items that you might want to review.

Note that some rules and recommendations listed below may not be found as issues in the code.

  • STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator.

  • MSC24-C. Do not use deprecated or obsolescent functions.

  • FIO34-C. Distinguish between characters read from a file and EOF or WEOF.

  • MSC17-C. Finish every set of statements associated with a case label with a break statement.

  • MSC33-C. Do not pass invalid data to the asctime() function.

  • DCL20-C. Explicitly specify void when a function accepts no arguments.

  • MEM30-C. Do not access freed memory.

You must use Visual Studio for C compiling.

Review and analyze the code, determine which rules and recommendations are violated, and fix the code. Be sure to document each issue by aligning it with the rule or recommendation and explaining exactly how you fixed the issue.


    1. Be very careful with the pointers and memory limits of the arrays. Most modern compilers attempt to protect your system resources, but you could potentially produce access violations that could lock your system up. Take your time and review the memory bounds for all of your arrays before you start making code changes.


Provide your fixed C source code along with a Word document describing how you addressed each issue. For example, you should list the CERT C rule or recommendation for each issue and show and describe the code that addresses the issue. You should also provide screen shots and descriptions of the successful execution of the code. All references used should be included in your document.