...
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR05-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| literal-assignment | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-STR05 | |||||||
Clang |
| -Wwrite-strings | Not enabled by -Weverything | ||||||
CodeSonar |
| LANG.TYPE.NCS | Non-const string literal | ||||||
Compass/ROSE |
| CC2.STR05 | Fully implemented | |||||||
GCC |
| -Wwrite-strings | |||||||
Helix QAC |
| C0752, C0753 | |||||||
Klocwork |
| MISRA.STRING_LITERAL.NON_CONST.2012 | |||||||
LDRA tool suite |
| 623 S | Fully implemented |
Object declared with a const
qualifier is modified
Parasoft C/C++test |
| CERT_C-STR05-a | A string literal shall not be modified | ||||||
PC-lint Plus |
| 1776 | Fully supported | ||||||
RuleChecker |
| literal-assignment | Fully checked |
0752
0753
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...