...
As an array initializer, a string literal specifies the initial values of characters in an array as well as the size of the array. (see See guideline STR36-C. Do not specify the bound of a character array initialized with a string literal.) . This code creates a copy of the string literal in the space allocated to the character array a. The string stored in a can be safely modified.
...
A compliant solution avoids modifying a const object, even if it is possible to obtain a non-const pointer to such an object by calling a standard C library function such as strrchr(). To reduce the risk of callers of get_dirname() passing constant objects to the function the argument is declared to be a non-const pointer. While converting a string literal to non-const char* is permitted by the language conforming compilers may issue a diagnostic for such code. See also guideline EXP05-C. Do not cast away a const qualification.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR30-C | low | likely | low | P9 | L2 |
Automated Detection
...
Splint Version 3.1.1 can detect violations of this rule.
...
Tool | Version | Checker | Description |
|---|---|---|---|
|
...
|
|
| |||||||||
|
|
|
| ||||||||
|
|
|
|
|
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as : STR30-CPP. Do not attempt to modify string literals.
Bibliography
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.4.5, "String literals" \[[Summit 951995|AA. Bibliography#Summit 95]\] comp.lang.c FAQ list - Question 1.32 \[[Plum 911991|AA. Bibliography#Plum 91]\] Topic 1.26, "strings - string literals" |
...