
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
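The pattern this recommendation asks for, as an added example that is not part of the original page: a string literal is reached only through a pointer to const, and any edit is made on an array or heap copy. The names replace_char, replace_char_copy, default_path and demo are hypothetical, and the path string is constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* In-place edit: the non-const parameter documents that the buffer is written. */
static size_t replace_char(char *s, char from, char to) {
    size_t n = 0;
    for (; *s != '\0'; ++s) {
        if (*s == from) { *s = to; ++n; }
    }
    return n;
}

/* Read-only input: safe to call with a string literal; edits a heap copy.
 * Caller frees the result; returns NULL on allocation failure. */
static char *replace_char_copy(const char *src, char from, char to) {
    size_t len = strlen(src) + 1;
    char *dst = malloc(len);
    if (dst == NULL) return NULL;
    memcpy(dst, src, len);
    replace_char(dst, from, to);
    return dst;
}

/* Constructed sample: the literal is only reachable through pointer-to-const. */
static const char *const default_path = "var/log/app";

/* Returns 1 if both safe patterns yield the edited text and the literal is intact. */
static int demo(void) {
    /* replace_char(default_path, '/', '_');  <- diagnosed by the compiler:
       the call discards the const qualifier. Had default_path been a plain
       char *, it would compile silently and write to the literal (undefined). */

    char buf[] = "var/log/app";   /* array initialized from a literal: modifiable */
    size_t n = replace_char(buf, '/', '_');
    char *copy = replace_char_copy(default_path, '/', '_');
    if (copy == NULL) return 0;
    int ok = n == 2
          && strcmp(buf, "var_log_app") == 0
          && strcmp(copy, "var_log_app") == 0
          && strcmp(default_path, "var/log/app") == 0;
    free(copy);
    return ok;
}

int main(void) {
    printf("demo %s\n", demo() ? "ok" : "failed");
    return 0;
}
```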

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR05-C | Low | Unlikely | Low | P3 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | LANG.TYPE.NCS | Non-const string literal |
| Compass/ROSE | | | |
| ECLAIR | | CC2.STR05 | Fully implemented |
| Klocwork | | MISRA.STRING_LITERAL.NON_CONST.2012 | |
| LDRA tool suite | | 623 S | Fully implemented |
| Polyspace Bug Finder | R2016a | Writing to const qualified object | Object declared with a const qualifier is modified |
| PRQA QA-C | | 0752, 0753 | Partially implemented |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
