Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

According to MISRA 2008, concatenation of wide and narrow string literals leads to undefined behavior. This is an implicit undefined behavior according to C99 was once considered implicitly undefined behavior until C90 [ISO/IEC 9899:1990]. However, C99 defined this behavior [ISO/IEC 9899:1999], and C11 further explains in subclause 6.4.5, paragraph 5 [ISO/IEC 9899:2011]:

In translation phase 6, the multibyte character sequences specified by any sequence of adjacent character and identically-prefixed string literal tokens are concatenated into a single multibyte character sequence. If any of the tokens has an encoding prefix, the resulting multibyte character sequence is treated as having the same prefix; otherwise, it is treated as a character string literal. Whether differently-prefixed wide string literal tokens can be concatenated and, if so, the treatment of the resulting multibyte character sequence are implementation-defined.

Nonetheless, it is recommended that string literals that are concatenated should all be the same type so as not to rely on implementation-defined behavior or undefined behavior if compiled on a platform that supports only C90.

Noncompliant Code Example (C90)

This noncompliant code example concatenates wide and narrow string literals. Although the behavior is undefined in this caseC90, the programmer probably intended to create a wide string literal.

Code Block
bgColor#ffcccc
langc

wchar_t *msg = L"This message is very long, so I want to divide it "
                "into two parts.";

Compliant Solution (C90, Wide String Literals)

If the concatenated string needs to be a wide string literal, each element in the concatenation must be a wide string literal, as in this compliant solution.:

Code Block
bgColor#ccccff
langc

wchar_t *msg = L"This message is very long, so I want to divide it "
               L"into two parts.";

Compliant Solution (C90, Narrow String Literals)

If wide string literals are unnecessary, it is better to use narrow string literals, as in this compliant solution.:

Code Block
bgColor#ccccff
langc

char *msg = "This message is very long, so I want to divide it "
            "into two parts.";

...

The concatenation of wide and narrow string literals leads could lead to undefined behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR10-C

low

Low

probable

Probable

medium

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
encoding-mismatchFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-STR10
ECLAIR
Include Page
ECLAIR_V
ECLAIR_V

CC2.STR10

Fully implemented.

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0874
LDRA tool suite
Include Page
LDRA_V
LDRA_V
450 SFully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-STR10-a

Narrow and wide string literals shall not be concatenated
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

707

Fully supported

SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
NarrowAndWideStringConcat
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
encoding-mismatchFully checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MISRA C++:2008Rule 2-13-5

Bibliography

[ISO/IEC 9899:2011]Section 6.4.5, "String Literals"


...

Image Modified Image Modified Image Modified