The type of a narrow string literal is an array of char, and the type of a wide string literal is an array of wchar_t. However, string literals (of both types) are notionally constant and should consequently be protected by const qualification. This recommendation is a specialization of "DCL00-C. Const-qualify immutable objects" and also supports "STR30-C. Do not attempt to modify string literals."

Adding const qualification may propagate through a program; as you add const qualifiers, still more become necessary. This phenomenon is sometimes called const-poisoning. Const-poisoning can frequently lead to violations of "EXP05-C. Do not cast away a const qualification." Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
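The following C sketch is an added example, not code from the original recommendation. It shows const-qualified pointers to narrow and wide literals, a writable array copy for code that must modify the text, and how const propagates into a function signature without any cast; the names count_char, replace_char and str05_demo are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Read-only access: const in the parameter lets callers pass literals
 * without a cast. This is where const qualification propagates. */
static size_t count_char(const char *s, char ch) {
    size_t n = 0;
    for (; *s != '\0'; ++s) {
        if (*s == ch) ++n;
    }
    return n;
}

/* Modifies its argument, so it takes char * and must be handed
 * writable storage, never a string literal. */
static void replace_char(char *s, char from, char to) {
    for (; *s != '\0'; ++s) {
        if (*s == from) *s = to;
    }
}

/* Returns 1 when every step behaves as described (hypothetical helper). */
int str05_demo(void) {
    /* Pointers to literals are const-qualified: a write through them
     * is diagnosed at compile time instead of being undefined behavior. */
    const char *path = "/usr/local/bin";
    const wchar_t *wpath = L"/usr/local/bin";

    /* An array initialized from a literal is a private, modifiable copy. */
    char editable[] = "/usr/local/bin";

    replace_char(editable, '/', ':');
    /* replace_char(path, '/', ':');  -- diagnosed: discards const qualifier */

    return count_char(path, '/') == 3
        && count_char(editable, ':') == 3
        && wcslen(wpath) == strlen(path)
        && strcmp(path, "/usr/local/bin") == 0;
}

int main(void) {
    return str05_demo() ? 0 : 1;
}
```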

...

Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR05-C | low | unlikely | low | P3 | L3 |

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 157 S | Partially implemented |
| Compass/ROSE | | | |
| PRQA QA-C | | | Partially implemented |

...

ISO/IEC 9899:2011 Section 6.7.9, "Initialization"

Bibliography

[Corfield 1993]
[Lockheed Martin 2005] AV Rule 151.1

...