 
Passing narrow string arguments to wide string functions or wide string arguments to narrow string functions can lead to unexpected and undefined behavior 151. Scaling problems are likely because of the difference in size between wide and narrow characters. (See ARR39-C. Do not add or subtract a scaled integer to a pointer.) Because wide strings are terminated by a null wide character and can contain null bytes, determining the length is also problematic.
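The scaling and length problems described above, shown as an added C example that is not part of the original rule text; `narrow_scan_len`, `wide_bytes_needed` and `wide_dup` are hypothetical helper names. The byte scan reads the wide string through `unsigned char` within its real bounds instead of calling a narrow function on it, so the example itself stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Length a byte-oriented scan would report for a wide string: the number of
 * bytes before the first zero byte in its object representation. Reading
 * through unsigned char, bounded by the real size, keeps this well defined. */
size_t narrow_scan_len(const wchar_t *ws) {
    const unsigned char *p = (const unsigned char *)ws;
    size_t total = (wcslen(ws) + 1) * sizeof(wchar_t);
    size_t i = 0;
    while (i < total && p[i] != 0) {
        i++;
    }
    return i;
}

/* Bytes actually needed to hold the string and its null wide character. */
size_t wide_bytes_needed(const wchar_t *ws) {
    return (wcslen(ws) + 1) * sizeof(wchar_t);
}

/* Copy using wide functions only, scaling the count by sizeof(wchar_t). */
wchar_t *wide_dup(const wchar_t *src) {
    size_t n = wcslen(src) + 1;              /* count in wide characters */
    if (n > SIZE_MAX / sizeof(wchar_t)) {
        return NULL;                         /* byte size would overflow */
    }
    wchar_t *dst = malloc(n * sizeof(wchar_t));
    if (dst != NULL) {
        wmemcpy(dst, src, n);                /* n is in wchar_t units */
    }
    return dst;
}

int main(void) {
    const wchar_t *ws = L"0123456789";       /* constructed sample input */
    printf("byte scan stops after %zu byte(s)\n", narrow_scan_len(ws));
    printf("bytes needed: %zu\n", wide_bytes_needed(ws));
    wchar_t *copy = wide_dup(ws);
    if (copy == NULL) {
        return EXIT_FAILURE;
    }
    printf("copied %zu wide characters\n", wcslen(copy));
    free(copy);
    return EXIT_SUCCESS;
}
```

A buffer sized from the byte scan would be far smaller than the bytes the wide string occupies, which is the undersized allocation this rule guards against.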
...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| STR38-C | High | Likely | Low | P27 | L1 | 
Automated Detection
Modern compilers recognize the difference between a char * and a wchar_t *, so compiling code that violates this rule will generate warnings. It is feasible to have automated software that recognizes functions of improper width and replaces them with functions of proper width (that is, software that uses wcsncpy() when it recognizes that the parameters are of type wchar_t *).
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | wide-narrow-string-cast wide-narrow-string-cast-implicit | Partially checked |
| Axivion Bauhaus Suite | | CertC-STR38 | Fully implemented |
| Clang | | -Wincompatible-pointer-types | |
| CodeSonar | | LANG.MEM.BO | Buffer Overrun |
| Coverity | | PW | Implemented |
| Cppcheck Premium | | premium-cert-str38-c | |
| Helix QAC | | C0432 C++0403 | |
| Klocwork | | CXX.DIFF.WIDTH.STR_AND_FUNC | |
| Parasoft C/C++test | | CERT_C-STR38-a | Do not confuse narrow and wide character strings and functions |
| PC-lint Plus | | 2454, 2480, 2481 | Partially supported: reports illegal conversions involving pointers to char or wchar_t as well as byte/wide-oriented stream inconsistencies |
| Polyspace Bug Finder | | | Checks for misuse of narrow or wide character string (rule fully covered) |
| RuleChecker | | wide-narrow-string-cast wide-narrow-string-cast-implicit | Partially checked |
| TrustInSoft Analyzer | | pointer arithmetic | Partially verified. |
...