According to [[MISRA 08]], concatenation of wide and narrow string literals leads to undefined behavior. This is an implicit undefined behavior according to C99 [[ISO/IEC 9899:1999]].
Noncompliant Code Example
This noncompliant code example concatenates wide and narrow string literals. Although the behavior is undefined in this case, the programmer probably intended to create a wide string literal.
wchar_t *msg = L"This message is very long, so I want to divide it " "into two parts.";
Compliant Solution (Wide String Literals)
If the concatenated string needs to be a wide string literal, each element in the concatenation must be a wide string literal, as in this compliant solution.
wchar_t *msg = L"This message is very long, so I want to divide it " L"into two parts.";
Compliant Solution (Narrow String Literals)
If wide string literals are unnecessary, it is better to use narrow string literals, as in this compliant solution.
char *msg = "This message is very long, so I want to divide it " "into two parts.";
Risk Assessment
The concatenation of wide and narrow string literals leads to undefined behavior.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
STR10-C |
low |
probable |
medium |
P4 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[MISRA 08]] Rule 2-13-5
07. Characters and Strings (STR) STR11-C. Use expression containing sizeof operator to calculate the length of an array