...

Noncompliant Code Example (Narrow String Literal)

In this noncompliant code example, the const keyword has been omitted:

...

If a statement such as c[0] = 'C' were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.

...

Noncompliant Code Example (Wide String Literal)

In this noncompliant code example, the const keyword has been omitted:

...

If a statement such as c[0] = L'C' were placed following this declaration, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.
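
Added example (not code from the original page): const-qualified declarations for a narrow and a wide literal, with the modification done on a writable copy instead. The names narrow_msg, wide_msg, narrow_with_first and wide_with_first are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Compliant declarations: the pointee is const, so c[0] = 'C' is rejected
 * by the compiler instead of being undefined behavior at run time. */
static const char *const narrow_msg = "hello";
static const wchar_t *const wide_msg = L"hello";

/* Hypothetical helper: copy a literal into caller-owned writable storage and
 * replace its first character there. Returns 0 on success, -1 when dst is
 * NULL, src is empty, or dst cannot hold src plus the terminator. */
int narrow_with_first(char *dst, size_t dst_len, const char *src, char first)
{
    size_t n = strlen(src);
    if (dst == NULL || n == 0 || n + 1 > dst_len)
        return -1;
    memcpy(dst, src, n + 1);   /* includes the terminating '\0' */
    dst[0] = first;            /* modifies the copy, never the literal */
    return 0;
}

/* Wide-character counterpart; dst_len is counted in wchar_t elements. */
int wide_with_first(wchar_t *dst, size_t dst_len, const wchar_t *src, wchar_t first)
{
    size_t n = wcslen(src);
    if (dst == NULL || n == 0 || n + 1 > dst_len)
        return -1;
    wmemcpy(dst, src, n + 1);
    dst[0] = first;
    return 0;
}

int main(void)
{
    /* An array initialized from a literal is an ordinary writable object. */
    char local[] = "hello";
    local[0] = 'C';

    char buf[8];
    wchar_t wbuf[8];
    if (narrow_with_first(buf, sizeof buf, narrow_msg, 'C') != 0 ||
        wide_with_first(wbuf, sizeof wbuf / sizeof wbuf[0], wide_msg, L'C') != 0)
        return 1;
    printf("%s %s %ls\n", local, buf, wbuf);
    return 0;
}
```

Building with -Wwrite-strings (listed for GCC and Clang under Automated Detection) flags the noncompliant form, where a literal is assigned to a plain char * pointer.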

...

Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR05-C | Low | Unlikely | Low | P3 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | literal-assignment | Fully checked |
| Axivion Bauhaus Suite | | CertC-STR05 | |
| Clang | | -Wwrite-strings | Not enabled by -Weverything |
| CodeSonar | | LANG.TYPE.NCS | Non-const string literal |
| Compass/ROSE | | | |
| ECLAIR | | CC2.STR05 | Fully implemented |
| GCC | | -Wwrite-strings | |
| Helix QAC | | C0752, C0753 | |
| Klocwork | | MISRA.STRING_LITERAL.NON_CONST.2012 | |
| LDRA tool suite | | 157, 623 S | Partially implemented |
| PRQA QA-C | | 0752, 0753 | Fully implemented |
| Parasoft C/C++test | | CERT_C-STR05-a | A string literal shall not be modified |
| PC-lint Plus | | 1776 | Fully supported |
| RuleChecker | | literal-assignment | Fully checked |

Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


...


...
