...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *c = "Hello"; |
Wiki Markup c\[0\] = 'C'}}, were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment is undefined because string literals are considered constant.
Compliant Solution (Immutable Strings)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char c[] = "Hello"; |
...
Consequently, a statement such as {{c\[0\] = 'C'}} is valid and behaves as expected.
Noncompliant Code Example (Wide String Literal)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t *c = L"Hello"; |
...
If a statement, such as {{c\[0\] = L'C'}}, were placed following the above declaration, the code is likely to compile cleanly, but the result of the assignment is undefined as string literals are considered constant.
Compliant Solution (Immutable Strings)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t c[] = L"Hello"; |
...
Consequently, a statement such as {{c\[0\] = L'C'}} is valid and behaves as expected.
Risk Assessment
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
...
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
| ||||||||||||
|
|
|
|
...
ISO/IEC 9899:1999 Section 6.7.8, "Initialization"
Bibliography:
...
\[[Corfield 1993|AA. Bibliography#Corfield 93]\]
\[]
[Lockheed Martin 2005|AA. Bibliography#Lockheed Martin 05] \] AV Rule 151.1
...