...
A character string literal is a sequence of zero or more multibyte characters enclosed in double-quotes, as in "xyz". A UTF-8 string literal is the same, except prefixed by u8. A wchar_t string literal is the same, except prefixed by L. A UTF-16 string literal is the same, except prefixed by u. A UTF-32 string literal is the same, except prefixed by U. Collectively, wchar_t, UTF-16, and UTF-32 string literals are called wide string literals.
...
Modifying string literals can lead to abnormal program termination and possibly denial-of-service attacks.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
STR30-C | Low | Likely | No | NoLow | P9P3 | L2L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| string-literal-modfication write-to-string-literal | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-STR30 | Fully implemented | ||||||
| Compass/ROSE | Can detect simple violations of this rule | ||||||||
| Coverity |
| PW | Deprecates conversion from a string literal to "char *" | ||||||
| Helix QAC |
| C0556, C0752, C0753, C0754 C++3063, C++3064, C++3605, C++3606, C++3607 | |||||||
| CERT.STR.ARG.CONST_TO_NONCONST | ||||||||
| LDRA tool suite |
| 157 S | Partially implemented | ||||||
| Parasoft C/C++test |
| CERT_C-STR30-a | A string literal shall not be modified | ||||||
| PC-lint Plus |
| 489, 1776 | Partially supported | ||||||
| Polyspace Bug Finder |
| CERT C: Rule STR30-C | Checks for writing to const qualified object (rule fully covered) | ||||||
| PVS-Studio |
| V675 | |||||||
| RuleChecker |
| string-literal-modfication | Partially checked | ||||||
| Splint |
| ||||||||
| TrustInSoft Analyzer |
| mem_access | Exhaustively verified (see one compliant and one non-compliant example). |
...