Page History

...

Modifying string literals can lead to abnormal program termination and possibly denial-of-service attacks.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
STR30-C	Low	Likely	Low	P9	L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

	Supported, but no explicit checker
Compass/ROSE

Can detect simple violations of this rule

Coverity

Include Page

	Coverity_V
	Coverity_V

PW

Deprecates conversion from a string literal to "char *"

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

157 S

Partially implemented

Parasoft C/C++test

Include Page

c:

	Parasoft_V

c:

	Parasoft_V

PB-27

Polyspace Bug Finder

R2016a

Writing to const qualified object

Object declared with a const qualifier is modified

PRQA QA-C

Include Page

	PRQA QA-C_v
	PRQA QA-C_v

0556
0752
0753

Partially implemented

Splint

Include Page

	Splint_V
	Splint_V

PRQA QA-C++

4.2

3063, 3064, 3605, 3606, 3607, 3842


PVS-Studio	6.22	V675	General analysis rule

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
CERT C Secure Coding Standard	EXP05-C. Do not cast away a const qualification	Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding Standard	STR11-C. Do not specify the bound of a character array initialized with a string literal	Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013	Modifying string literals [strmod]	Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

[ISO/IEC 9899:2011]	6.4.5, "String Literals"
[Plum 1991]	Topic 1.26, "Strings—String Literals"
[Summit 1995]	comp.lang.c FAQ List, Question 1.32

...

Space shortcuts

Page tree

Versions Compared

Old Version 114

New Version 115

Key

Automated Detection

Related Vulnerabilities

Bibliography