Besides syntax-related issues, is there anything else I should be aware of when using memmove() ? If misued, can it create runtime errors ?

memove() operates on byte strings so make sure to check for bounds (on the destination array) otherwise the process terminates with SIGSEGV at runtime.

Performance.

If you are sure that buffer are not overlapped, you should use memcpy, becuase it's faster

I would recommend that the writer look into bcopy() and bzero(). If memory serves, they are the original primitives, and thus the most efficient. In the C++ world, string objects help protect the programmer from [him|her]self and tend the details. Certainly this is at the cost of efficiency, but then these days performance is a balance to reuse in the application programming space.

I am sorry to say that there are many environments where the management doesn't want anything but scripting tools like bash/csh/perl/php because they can't afford programmers who know C and C++. Their words, not mine, by the way. So then what I used to think of as prototyping tools now become what is used in production. That means that the security review must include not only software but also the underlying interpreter.