This is an extension of recommendationrule:
STR30-C. Do not attempt to modify string literals
Since As string literals are constant, they should only be assigned to constant pointers as indicated below:.
Non-compliant Coding Example 1
The const keyword is not included in these declarations.
| Code Block | ||
|---|---|---|
| ||
char* c1 = "Hello"; // Bad: assigned to non-const char c2[] = "Hello"; // Bad: assigned to non-const char c3[6] = "Hello"; // Bad: assigned to non-const c1[3] = 'a'; // Undefined (but compiles) |
Complaint Solution 1
If you properly assign string literals to const pointers, the compiler will not allow direct manipulation of the contents.
| Code Block | ||
|---|---|---|
| ||
const char* const c1 = "Hello"; // Good char const char c2[] = "Hello"; // Good char const char c3[6] = "Hello"; // Good //c1[3] = 'a'; would cause a compile error |
By assigning string literals to constant pointers the compiler will disallow you from modifying the contents directly.
Non-compliant Coding Example 2.a
Though it is not compliant with the C Standard, this code executes correctly if the contents of CMUfullname are not modified.Making code reverse compatible to fit this standard sometimes breaks functionality but this is a good recommendation to follow on new code. An example of a situation where implementing this would break prior code is if a string literal is assigned to a non-const pointer as in the following example
Before changing string literals to constant pointers
| Code Block | ||
|---|---|---|
| ||
char* CMUfullname = "Carnegie Mellon"; ... //take* get school from user input toand determine string variable "school"validate */ if (strcmp(school,"CMU")) { school = CMUfullname; } |
This prior code works fine as long as the contents of string pointer "school" are not modified if it is assigned "CMUfullname"
Non-compliant Coding Example 2.b
Adding in the const keyword will generate a compiler warning, as the assignment of CMUfullname to school discards the const qualifier. Any modifications to the contents of scholl after this assignment will lead to errors.If one were to simply change the declaration of the string literal "CMUfullname" to const this would be the output
| Code Block | ||
|---|---|---|
| ||
const char* const CMUfullname = "Carnegie Mellon"; ... //take* get school from user input toand determine string variable "school" ...validate */ if (strcmp(school,"CMU")==0) { school = CMUfullname; } |
This code will give a compiler warning since the assignment of "CMUfullname" to school is discarding the const qualifier. Any modifications to the contents of school if it is assigned a constant string literal will cause error conditions.
Compliant Solution 2
The compliant solution uses the const keyword to protect the string literal, as well as using strcpy to copy the value of CMUfullname into school, allowing future modification of schoolA compliant fix to this problem would be to copy the contents of "CMUfullname" to "school" but this involves the extra step of making sure school has the appropriate storage to hold it.
| Code Block | ||
|---|---|---|
| ||
const char* const CMUfullname = "Carnegie Mellon"; ... //take* get school from user input toand determine string variable "school" ...validate */ if (strcmp(school,"CMU")==0) { //assuming school is properly allocated above strcpy(school, CMUfullname); } |
...
Risk Assessment
Modifying string literals can lead to causes undefined behavior, resulting in abnormal program termination and results in undefined behavior that can be used in denial-of-service attacksvulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR30-C | 1 (low) | 3 (likely) | 2(medium) | P6 | L2 |
References:
| Wiki Markup |
|---|
[http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc |
| Wiki Markup |
|---|
]
\[Lockheed Martin 2005\] Lockheed Martin. Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005. AV Rule 151.1 |