C# – What does “\0” equate to?

‘\0’ is a “null character“. It’s used to terminate strings in C and some portions of C++. Pex is doing a test to see how your code handles the null character, likely looking for the Poison Null Byte security exploit.

Most C# code has nothing to fear; if you pass your string to unmanaged code, however, you may have problems.


Just to be explicit… Pex is passing a string containing a null character. This is not a null reference.

Leave a Comment