Page History

According to MISRA 2008, concatenation of wide and narrow string literals leads to undefined behavior. This was once considered implicitly undefined behavior until C90 [ISO/IEC 9899:1990]. However, C99 defined this behavior [ISO/IEC 9899:1999], and C11 further explains in section subclause 6.4.5, paragraph 5 [ISO/IEC 9899:2011]:

In translation phase 6, the multibyte character sequences specified by any sequence of adjacent character and identically-prefixed string literal tokens are concatenated into a single multibyte character sequence. If any of the tokens has an encoding prefix, the resulting multibyte character sequence is treated as having the same prefix; otherwise, it is treated as a character string literal. Whether differently-prefixed wide string literal tokens can be concatenated and, if so, the treatment of the resulting multibyte character sequence are implementation-defined.

Nonetheless, it is recommended that string literals that are concatenated should all be the same type so as not to rely on implementation-defined behavior or undefined behavior if compiled on a platform that supports only C90.

...

This noncompliant code example concatenates wide and narrow string literals. Although the behavior is undefined in C90, the programmer probably intended to create a wide - string literal.

Code Block

bgColor	#ffcccc
lang	c

wchar_t *msg = L"This message is very long, so I want to divide it "
                "into two parts.";

...

If the concatenated string needs to be a wide string literal, each element in the concatenation must be a wide string literal, as in this compliant solution.:

Code Block

bgColor	#ccccff
lang	c

wchar_t *msg = L"This message is very long, so I want to divide it "
               L"into two parts.";

...

If wide string literals are unnecessary, it is better to use narrow string literals, as in this compliant solution.:

Code Block

bgColor	#ccccff
lang	c

char *msg = "This message is very long, so I want to divide it "
            "into two parts.";

...

The concatenation of wide and narrow string literals could lead to undefined behavior.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
STR10-C

low

Low

probable

Probable

medium

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

encoding-mismatch

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-STR10

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

stltccat

CC2.STR10

Fully implemented.

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C0874

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

450 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-STR10-a

Narrow and wide string literals shall not be concatenated

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

707

Fully supported

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

NarrowAndWideStringConcat

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

encoding-mismatch

Fully checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MISRA C++:2008

Rule 2-13-5

Bibliography

[ISO/IEC 9899:

...

ISO/IEC 9899:1999

...

2011]

Section 6.4.5, "String

...

Literals"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 28

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography