
The type of a narrow string literal is an array of char, and the type of a wide string literal is an array of wchar_t. However, string literals (of both types) are notionally constant and should consequently be protected by const qualification. This recommendation is a specialization of recommendation DCL00-C. Const-qualify immutable objects and also supports rule STR30-C. Do not attempt to modify string literals.

Adding const qualification may propagate through a program; as you add const qualifiers, still more become necessary. This phenomenon is sometimes called "const-poisoning." Const-poisoning can frequently lead to violations of recommendation EXP05-C. Do not cast away a const qualification. Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.

...

Code Block

char *c = "Hello";

If a statement such as c[0] = 'C' were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant. On many implementations the literal is placed in read-only storage, so the write is a run-time fault rather than a diagnostic. Compilers can help find such cases: GCC and Clang with -Wwrite-strings give string literals the type const char[], so initializing a non-const pointer from one is diagnosed.

...

In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them different values is a compile-time error.

Code Block

const char *c = "Hello";

Compliant Solution (Mutable Strings)

In cases where the string is meant to be modified, use initialization instead of assignment. In this compliant solution, c is a modifiable char array that has been initialized using the contents of the corresponding string literal; the array owns its own copy of the characters (including the terminating null character), so writes to it never touch the literal.

Code Block

char c[] = "Hello";

Consequently, a statement such as c[0] = 'C' is valid and behaves as expected.

...

Code Block

wchar_t *c = L"Hello";

If a statement such as c[0] = L'C' were placed following the above declaration, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.

...

In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them different values is a compile-time error. (wchar_t const * and const wchar_t * are equivalent declarations.)

Code Block

wchar_t const *c = L"Hello";

...

Code Block

wchar_t c[] = L"Hello";

Consequently, a statement such as c[0] = L'C' is valid and behaves as expected.
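The following program is an added example, not code from the CERT page, that exercises both the narrow and the wide variants of the noncompliant and compliant forms above in one place. The helper capitalize_copy is hypothetical: it shows the const-correct interface that results once literals are const-qualified (a const char * parameter accepts a literal, a const array, or a writable array without a cast) and confines the mutation to a copy in a buffer the caller owns.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not part of the CERT page): copies src into the
 * caller's writable buffer dst and capitalizes the first character of the
 * copy. src is const-qualified, so a string literal, a const array, or a
 * writable array can all be passed without casting away const.
 * Returns the number of characters copied (excluding the terminator),
 * or 0 if dst cannot hold src plus its terminating null character. */
size_t capitalize_copy(char *dst, size_t dstsz, const char *src) {
    size_t len = strlen(src);
    if (dstsz == 0 || len >= dstsz) {
        return 0;                        /* would not fit; write nothing */
    }
    memcpy(dst, src, len + 1);           /* copy including the '\0' */
    if (len > 0 && dst[0] >= 'a' && dst[0] <= 'z') {
        dst[0] = (char)(dst[0] - 'a' + 'A');
    }
    return len;
}

/* Compliant solution (mutable strings), narrow: initialization gives a
 * char[6] that owns its own copy of the literal's characters. */
int narrow_array_is_mutable(void) {
    char c[] = "Hello";                  /* sizeof c == 6, including '\0' */
    c[0] = 'C';                          /* valid: writes the local array */
    return strcmp(c, "Cello") == 0 && sizeof c == 6;
}

/* Compliant solution (mutable strings), wide: same idea with wchar_t[6]. */
int wide_array_is_mutable(void) {
    wchar_t c[] = L"Hello";
    c[0] = L'C';
    return wcscmp(c, L"Cello") == 0 && sizeof c == 6 * sizeof(wchar_t);
}

/* Compliant solution (const pointers): c and w point at the literals
 * themselves, so the element type must be const. A write through them,
 *     c[0] = 'C';   /- constraint violation: assignment to read-only location -/
 * is now rejected at compile time instead of being undefined at run time.
 * Reads remain fine. */
int const_pointer_reads_literal(void) {
    const char *c = "Hello";
    const wchar_t *w = L"Hello";
    return c[0] == 'H' && w[0] == L'H';
}

int main(void) {
    char buf[16];
    size_t n = capitalize_copy(buf, sizeof buf, "hello");  /* literal passed as const char * */
    printf("capitalize_copy: %zu chars -> \"%s\"\n", n, buf);
    printf("narrow array mutable: %d\n", narrow_array_is_mutable());
    printf("wide array mutable:   %d\n", wide_array_is_mutable());
    printf("const pointer reads:  %d\n", const_pointer_reads_literal());
    return 0;
}
```

Note that sizeof on the array form reports the storage actually owned (6 bytes, or 6 wide characters), whereas sizeof on a pointer reports only the pointer size; this is one practical way to tell the two compliant forms apart in existing code.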

...

Automated Detection

Tool              Version   Checker   Description
LDRA tool suite   LDRA_V    157 S
Compass/ROSE                          Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC 9899:2011 Section 6.7.9, "Initialization"

Bibliography

...

[Corfield 1993]
[Lockheed Martin 2005] AV Rule 151.1

...