According to [[MISRA 08]], concatenation of wide and narrow string literals leads to undefined behavior. This is an implicit undefined behavior according to C99 [[ISO/IEC 9899:1999]].
Noncompliant Code Example
This noncompliant code example concatenates wide and narrow string literals. The behavior is undefined in this case. However, it is likely that the programmer's intention was to create a wide string literal.
wchar_t *msg = L"This message is very long, so I want to divide it " "into two parts.";
Compliant Solution (wide string literals)
If the concatenated string needs to be a wide string literal, each element in the concatenation must be a wide string literal.
wchar_t *msg = L"This message is very long, so I want to divide it " L"into two parts.";
Compliant Solution (narrow string literals)
If wide string literals are not necessary, it is better to use narrow string literals.
char *msg = "This message is very long, so I want to divide it " "into two parts.";
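Mixed concatenation often creeps in when one element comes from a narrow string macro rather than a literal typed in place. The following added example (not part of the original rule text) widens such a macro before concatenation and checks at compile time that the result is wide; `PRODUCT_NAME`, `WIDEN`, `BANNER_TEXT`, and `IS_WIDE_LITERAL` are hypothetical names, and C11 is assumed for `_Generic` and `_Static_assert`.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Hypothetical narrow-string macro, e.g. defined in a shared header. */
#define PRODUCT_NAME "ExampleApp"

/* Two-level expansion: PRODUCT_NAME is expanded first, then L is pasted on.
 * Caveat: if the macro expands to several adjacent literals ("a" "b"),
 * only the first one is widened and the concatenation is mixed again. */
#define WIDEN_(s) L##s
#define WIDEN(s)  WIDEN_(s)

/* Every element is a wide literal, so the concatenation is well defined. */
#define BANNER_TEXT WIDEN(PRODUCT_NAME) L": " L"startup complete"

/* Evaluates to 1 if the literal's element type is wchar_t, 0 otherwise. */
#define IS_WIDE_LITERAL(lit) _Generic(&(lit)[0], wchar_t *: 1, default: 0)

/* Fail the build if someone later replaces an element with a narrow one
 * in a way that changes the type of the resulting literal. */
_Static_assert(IS_WIDE_LITERAL(BANNER_TEXT), "BANNER_TEXT must be a wide literal");

static const wchar_t banner[] = BANNER_TEXT;

const wchar_t *get_banner(void)
{
    return banner;
}

/* Number of wide characters, excluding the terminating null. */
size_t banner_length(void)
{
    return sizeof banner / sizeof banner[0] - 1;
}

int main(void)
{
    printf("%ls (%zu wide characters)\n", get_banner(), banner_length());
    return 0;
}
```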
Risk Assessment
Concatenation of wide and narrow string literals leads to undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR10-C | low | probable | medium | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[MISRA 08]] Rule 2-13-5