...
In the second strcat_nc() call, the compiler compiles the code with no warnings, but the resulting code will attempt to modify the "str1" literal. This violates STR05-C. Use pointers to const when referring to string literals and STR30-C. Do not attempt to modify string literals.
In the final strcat_nc() call, the compiler generates a warning about attempting to cast away const on str4. This is a valid warning.
...
Not declaring an unchanging value const prohibits the function from working with values already cast as const. This problem can be sidestepped by type casting away the const, but doing so violates EXP05-C. Do not cast away a const qualification.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL13-C | low | unlikely | low | P3 | L3 |
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
Compass/ROSE |
|
| Can detect violations of this recommendation while checking for violations of recommendation DCL00-C. Const-qualify immutable objects. | ||||||
| 62 D | Fully implemented. | |||||||
| cnstpnte | Fully implemented. | |||||||
| PRQA QA-C |
| 3673 | Fully implemented | ||||||
| 0431(C) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
CERT C++ Secure Coding Standard: DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const
ISO/IEC TR 24772 "CSJ Passing parameters and return values"
...