According to [[MISRA 08]], concatenation of wide and narrow string literals leads to undefined behavior. This is an inplicit undefined behavior according to C99 [[ISO/IEC 9899:1999]].
Noncompliant Code Example
This noncompliant code example concatenates wide and narrow string literals. The behavior is undefined in this case.
wchar_t *msg = L"This message is very long, so I want to divide it "
"into two parts.";
Compliant Solution (wide string literals)
If the concatenated string needs to be a wide string literal, each element in the concatenation has to be a wide string literal.
wchar_t *msg = L"This message is very long, so I want to divide it "
L"into two parts.";
Compliant Solution (narrow string literals)
If wide string literals are not necessary, it is better to use narrow string literals.
char* msg = "This message is very long, so I want to divide it "
"into two parts.";
Risk Assessment
Concatenation of wide and narrow string literals leads to undefined behavior.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
ENV30-C |
low |
probable |
medium |
P4 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[MISRA 08]] Rule 2-13-5