...
Adding const qualification may propagate through a program; as you add const qualifiers are added, still more become necessary. This phenomenon is sometimes called const-poisoning. Const-poisoning can frequently lead to violations of EXP05-C. Do not cast away a const qualification. Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *c = "Hello"; |
If a statement , such as c[0] = 'C', were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t *c = L"Hello"; |
If a statement , such as c[0] = L'C', were placed following the above this declaration, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.
...
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR05-C | low | unlikely | low | P3 | L3 |
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
|
| |||||||
| CC2.STR05 | Fully implemented | |||||||
| 157 S | Partially implemented | |||||||
| PRQA QA-C |
| 0752 | Partially implemented |
...