The type of a narrow string literal is an array of char, and the type of a wide string literal is an array of wchar_t. However, string literals (of both types) are notionally constant and should consequently be protected by const qualification. This recommendation is a specialization of guideline recommendation DCL00-C. Const-qualify immutable objects and also supports rule STR30-C. Do not attempt to modify string literals.
Adding const qualification may propagate through a program; as you add const qualifiers, still more become necessary. This phenomenon is sometimes called "const-poisoning." Const-poisoning can frequently lead to violations of guideline recommendation EXP05-C. Do not cast away a const qualification. While const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
...
| Wiki Markup |
|---|
If a statement, such as {{c\[0\] = 'C'}}, were placed following the declaration in the Noncompliantnoncompliant Codecode Exampleexample, the code is likely to compile cleanly, but the result of the assignment is undefined because string literals are considered constant. |
...
| Wiki Markup |
|---|
If a statement, such as {{c\[0\] = L'C'}}, were placed following the above declaration, the code is likely to compile cleanly, but the result of the assignment is undefined as string literals are considered constant. |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC 9899:1999 Section 6.7.8, "Initialization"
Bibliography:
| Wiki Markup |
|---|
\[[Corfield 1993|AA. Bibliography#Corfield 93]\]
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.7.8, "Initialization"
\[[Lockheed Martin 2005|AA. Bibliography#Lockheed Martin 05]\] AV Rule 151.1 |
...