...
For characters in the basic character set, it doesn't matter does not matter which data type is used, except for type compatibility. Consequently, it is best to use plain char
for character data for compatibility with standard string-handling functions.
In most cases, the only portable operators on plain char
types are assignment and equality operators (=
, ==
, !=
). An exception is the translation to and from digits. For example, if the char
c
is a digit, c - '0'
is a value between 0 and 9.
Noncompliant Code Example
The following This noncompliant code example simply shows the standard string-handling function strlen()
being called with a plain character string, a signed character string, and an unsigned character string. The strlen()
functions function takes a single argument of type const char
*.:
Code Block | ||||
---|---|---|---|---|
| ||||
size_t len; char cstr[] = "char string"; signed char scstr[] = "signed char string"; unsigned char ucstr[] = "unsigned char string"; len = strlen(cstr); len = strlen(scstr); /* warnsWarns when char is unsigned */ len = strlen(ucstr); /* warnsWarns when char is signed */ |
Compiling at high warning levels in compliance with recommendation MSC00-C. Compile cleanly at high warning levels causes warnings to be issued when
- Converting from
unsigned char[]
toconst char *
whenchar
is signed - Converting from
signed char[]
toconst char *
whenchar
is defined to be Wiki Markup converting from {{unsigned char\[\]}} to {{const char *}} when {{char}} is signed
converting from {{signed char\[\]}} to {{const char *}} when {{char}} is defined to be unsignedWiki Markup
Casts are required to eliminate these warnings, but excessive casts can make code difficult to read and hide legitimate warning messages.
If this C code were compiled using a C+\+ compiler, conversions from {{ Wiki Markup unsigned
char
\[
\]
}} to {{const
char
*
}} and from {{signed
char
\[
\]
}} to {{const
char
*
}} would be flagged as errors requiring casts.
Compliant Solution
The compliant solution uses plain char
for character data.:
Code Block | ||||
---|---|---|---|---|
| ||||
size_t len;
char cstr[] = "char string";
len = strlen(cstr);
|
...
Failing to use plain char
for characters in the basic character set can lead to excessive casts and less effective compiler diagnostics.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR04-C |
Low |
Unlikely |
Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|
Section |
---|
Fortify SCA |
Section |
---|
V. 5.0 |
Section |
---|
can detect violations of this rule with CERT C Rule Pack, except cases involving signed char |
Section |
---|
EDG Front End to Compass/ROSE |
Section |
---|
Compass/ROSE |
Astrée |
| Supported indirectly via MISRA C:2004 rule 6.1. | |||||||
Axivion Bauhaus Suite |
| CertC-STR04 | |||||||
CodeSonar |
| LANG.TYPE.IAT LANG.TYPE.ICA LANG.TYPE.IOT LANG.TYPE.MOT | Inappropriate assignment type Inappropriate character arithmetic Inappropriate operand type Mismatched operand types | ||||||
Compass/ROSE | |||||||||
ECLAIR |
| CC2.STR04 | Fully implemented | ||||||
EDG | |||||||||
Helix QAC |
| C0432, C0674, C0699 | |||||||
LDRA tool suite |
| 93 S, 101 S, 329 S, 432 S, 458 S | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_C-STR04-a | The plain char type shall be used only for the storage and use of character values | ||||||
RuleChecker |
| Supported indirectly via MISRA C:2004 rule 6.1. | |||||||
SonarQube C/C++ Plugin |
| S810 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
ISO/IEC 9899:1999 Section 6.2.5, "Types"
MISRA Rule 6.1, "The plain char type shall be used only for the storage and use of character values"
Bibliography
MISRA C:2012 | Rule 10.1 (required) |
...
STR03-C. Do not inadvertently truncate a null-terminated byte string 07. Characters and Strings (STR)