
String literals are constant and should only be assigned to constant pointers. This recommendation supports rule STR30-C.

Non-Compliant Code Example

The const keyword is omitted from this declaration, so the string literal can be written through c.

char *c = "Hello"; /* Bad: string literal assigned to a non-const pointer */
c[3] = 'a';        /* Undefined behavior (but compiles without complaint) */

Compliant Solution 1

In cases where the string referenced by c is not meant to be modified, c should be declared as a const pointer, preventing direct manipulation of the contents of the string literal.

char const *c = "Hello"; /* Good: the literal is bound to a pointer to const */
/* c[3] = 'a'; would now cause a compile-time error */

Compliant Solution 2

In cases where the string referenced by c is meant to be modified, use initialization instead of assignment. In this compliant solution, a is a modifiable char array that has been initialized using the contents of the string literal.

char a[] = "abc";

The above code is equivalent to:

char a[] = {'a', 'b', 'c', '\0'};

Non-Compliant Code Example 1

Though it is not compliant with the C Standard, this code executes correctly if the contents of CMUfullname are not modified.

#include <string.h>

char *CMUfullname = "Carnegie Mellon"; /* literal bound to a non-const pointer */

/* get school (a char *) from user input and validate */

if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 on a match */
    school = CMUfullname; /* school now aliases the literal */
}

Non-Compliant Code Example 2

Adding the const keyword causes the compiler to warn about this code, because assigning CMUfullname to school discards the const qualifier. Any modification of the contents of school after this assignment still writes to the string literal and is undefined behavior.

#include <string.h>

char const *CMUfullname = "Carnegie Mellon";

/* get school (a char *) from user input and validate */

if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 on a match */
    school = CMUfullname; /* warning: assignment discards the const qualifier */
}

Compliant Solution

The compliant solution uses the const keyword to protect the string literal and uses strcpy() to copy the value of CMUfullname into school, so that school can be modified afterward without touching the literal.

#include <string.h>

char const *CMUfullname = "Carnegie Mellon";

/* get school from user input and validate */

if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 on a match */
    /* school must be a writable buffer of at least strlen(CMUfullname) + 1 bytes */
    strcpy(school, CMUfullname);
}
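The following C program is an added example, not code from the original page or from the CERT standard. It combines Compliant Solution 2 (a writable array copy of a literal) with the final Compliant Solution (copying the literal into a caller-owned buffer instead of aliasing it), and it replaces the unbounded strcpy() with a bounded copy that refuses to write when the buffer is too small. The function names expand_school(), array_copy_is_writable() and self_check(), the buffer sizes and the sample inputs are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* The literal lives in read-only storage, so it is bound to a const pointer
   to const char: neither the pointer nor the text it points to changes. */
static const char *const CMUfullname = "Carnegie Mellon";

/* Expands the abbreviation "CMU" into the full name, in place, in a
   caller-owned writable buffer of cap bytes. Unlike a bare strcpy(), the
   copy is bounded. Returns 1 if school now holds the full name, 0 if school
   was not "CMU" (left unchanged), or -1 if the buffer is too small (also
   left unchanged). (Hypothetical helper written for this example.) */
int expand_school(char *school, size_t cap)
{
    if (strcmp(school, "CMU") != 0) {   /* strcmp() returns 0 on a match */
        return 0;
    }
    size_t need = strlen(CMUfullname) + 1;  /* text plus terminating NUL */
    if (need > cap) {
        return -1;
    }
    memcpy(school, CMUfullname, need);  /* copy the text; never alias the literal */
    return 1;
}

/* Compliant Solution 2 in action: an array initialized from a literal is a
   distinct, writable copy, so modifying it is well defined. Returns 1 if
   the in-place edit produced "Helao" and the array still carries its NUL
   terminator, 0 otherwise. */
int array_copy_is_writable(void)
{
    char a[] = "Hello";   /* sizeof(a) == 6: five characters plus NUL */
    a[3] = 'a';           /* well defined: a is a local array, not the literal */
    return strcmp(a, "Helao") == 0 && sizeof(a) == 6;
}

/* Exercises the three expand_school() outcomes on constructed sample inputs.
   Returns 1 if every case behaves as documented, 0 otherwise. */
int self_check(void)
{
    char big[32] = "CMU";    /* large enough: expect 1 and the full name */
    char small[8] = "CMU";   /* too small for 16 bytes: expect -1, unchanged */
    char other[32] = "MIT";  /* not the abbreviation: expect 0, unchanged */

    int ok = 1;
    ok = ok && expand_school(big, sizeof big) == 1
            && strcmp(big, "Carnegie Mellon") == 0;
    ok = ok && expand_school(small, sizeof small) == -1
            && strcmp(small, "CMU") == 0;
    ok = ok && expand_school(other, sizeof other) == 0
            && strcmp(other, "MIT") == 0;
    return ok;
}

int main(void)
{
    printf("array copy writable: %d\n", array_copy_is_writable());
    printf("expand_school cases: %d\n", self_check());
    return 0;
}
```

The bounded copy is the practical point: once the literal is behind a const pointer, the only remaining way to corrupt memory in this pattern is overrunning the destination, so the copy checks the destination size before writing.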

Risk Assessment

Modifying string literals causes undefined behavior, which can result in abnormal program termination and denial-of-service vulnerabilities.

Rule      Severity   Likelihood   Remediation Cost   Priority   Level
STR05-A   1 (low)    3 (likely)   2 (medium)         P6         L2
