...
At compile time, string literals are used to create an array of static duration and sufficient length to contain the character sequence and a null-termination character. It is unspecified wehether these arrays are distinct. The behavior is undefined if a program attempts to modify string literals but frequently results in an access violation as string literals are typically stored in read-only memory.
Non-compliant Code Example
Do not attempt to modify a string literal. Use a named array of characters to obtain a modifiable string,
Non-compliant Code Example
In the following example, the char pointer p is initialized to the address of the static string. Attempting to modify the string literal result results in undefined behavior.
...
| Code Block |
|---|
char a[] = "string literal"; a[0] = 'S'; |
Non-Compliant Code Example
In this non-compliant example, the {{mktemp()}}function modifies its string argument.
| Code Block |
|---|
mktemp("/tmp/edXXXXXX");
|
Compliant Solution
Instead of passing a string literal, use a named array:
| Code Block |
|---|
static char fname[] = "/tmp/edXXXXXX";
mktemp(fname);
|
Consequences
Abnormal program termination.
Denial-of-service attack.
...
- ISO/IEC 9899-1999 Section 6.4.5 String literals
- Summit 95 comp.lang.c FAQ list - Question 1.32
- Plum 91 Topic: 1.26 strings - string literals