...
Adding const qualification may propagate through a program; as you add const qualifiers are added, still more become necessary. This phenomenon is sometimes called const-poisoning. Const-poisoning can frequently lead to violations of EXP05-C. Do not cast away a const qualification. Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
Noncompliant Code Example (Narrow String Literal)
In the following this noncompliant code example, the const keyword has been omitted.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *c = "Hello"; |
If a statement , such as c[0] = 'C', were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment would be undefined be undefined because string literals are considered constant.
...
In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them to different values is an error.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
const char *c = "Hello"; |
...
In cases where the string is meant to be modified, use initialization instead of assignment. In this compliant solution, c is a modifiable char array that has been initialized using the contents of the corresponding string literal.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
char c[] = "Hello"; |
...
Noncompliant Code Example (Wide String Literal)
In the following this noncompliant code example, the const keyword has been omitted.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t *c = L"Hello"; |
If a statement , such as c[0] = L'C', were placed following the above this declaration, the code is likely to compile cleanly, but the result of the assignment would be undefined because be undefined because string literals are considered constant.
...
In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them to different values is an error.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t const *c = L"Hello"; |
...
In cases where the string is meant to be modified, use initialization instead of assignment. In this compliant solution, c is a modifiable wchar_t array that has been initialized using the contents of the corresponding string literal.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
wchar_t c[] = L"Hello"; |
...
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR05-C |
Low |
Unlikely |
Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| literal-assignment | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-STR05 | |||||||
| Clang |
| -Wwrite-strings | Not enabled by -Weverything | ||||||
| CodeSonar |
| LANG.TYPE.NCS | Non-const string literal | ||||||
| Compass/ROSE |
|
CC2.STR05 | Fully implemented | ||||||||
| GCC |
| -Wwrite-strings | |||||||
| Helix QAC |
| C0752, C0753 | |||||||
| Klocwork |
| MISRA.STRING_LITERAL.NON_CONST.2012 | |||||||
| LDRA tool suite |
|
| 623 S |
Partially implemented
0752
0753
Fully implemented | |||||||||
| Parasoft C/C++test |
| CERT_C-STR05-a | A string literal shall not be modified | ||||||
| PC-lint Plus |
| 1776 | Fully supported | ||||||
| RuleChecker |
| literal-assignment | Fully checked |
Related Vulnerabilities
Search for for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...