SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

A string literal is a sequence of zero or more multibyte characters enclosed in double quotes ("xyz", for example). A wide string literal is the same, except prefixed by the letter L (L"xyz", for example).

At compile time, string literals are used to create an array of static storage duration and sufficient length to contain the character sequence and a null-termination character. It is unspecified whether these arrays are distinct. The behavior is undefined if a program attempts to modify string literals but frequently results in an access violation, as string literals are typically stored in read-only memory.

Do not attempt to modify a string literal. Use a named array of characters to obtain a modifiable string.

Non-Compliant Code Example

In this non-compliant code example, the char pointer p is initialized to the address of a string literal. Attempting to modify the string literal results in undefined behavior.

char *p  = "string literal";
p[0] = 'S';

Compliant Solution

As an array initializer, a string literal specifies the initial values of characters in an array (as well as the size of the array). This code creates a copy of the string literal in the space allocated to the character array a. The string stored in a can be safely modified.

char a[] = "string literal";
a[0] = 'S';

Non-Compliant Code Example

In this non-compliant example, the mktemp() function modifies its string argument.

mktemp("/tmp/edXXXXXX");

Compliant Solution

Instead of passing a string literal, use a named array:

static char fname[] = "/tmp/edXXXXXX";

mktemp(fname);

Risk Assessment

Modifying string literals can lead to abnormal program termination and possibly denial-of-service attacks.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR30-C

1 (low)

3 (likely)

3 (low)

P9

L2

Automated Detection

The LDRA tool suite V 7.6.0 is able to detect violations of this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999]] Section 6.4.5, "String literals"
[[Summit 95]] comp.lang.c FAQ list - Question 1.32
[[Plum 91]] Topic 1.26, "strings - string literals"

STR06-A. Do not assume that strtok() leaves the parse string unchanged      07. Characters and Strings (STR)      

  • No labels