The C Standard, subclause 6.7.3, paragraph 6 [ISO/IEC 9899:2011], states:

...

The following well-formed but noncompliant code example, borrowed from subclause 6.5.16.1 of the C Standard, allows a constant value to be modified:

```c
char const **cpp;
char *cp;
char const c = 'A';

cpp = &cp; /* Constraint violation */
*cpp = &c; /* Valid */
*cp = 'B'; /* Valid */
```

The first assignment is unsafe because it would allow the valid code that follows to attempt to change the value of the const object c.
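The following added example (not part of the original page or of the C Standard) follows the first two assignments of that example and stops before the write, so the aliasing can be observed without modifying c; it then shows a const-correct alternative that changes a copy. The explicit cast and the function names are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample object; an implementation may place it in read-only memory. */
static char const c = 'A';

/* Follows the first two assignments of the example and stops before the write.
 * Returns true when cp, a plain char *, ends up holding the address of c. */
bool hole_aliases_const(void) {
    char const **cpp;
    char *cp = NULL;

    /* The explicit cast is an assumption of this sketch: it stands in for the
     * implicit conversion that a compiler accepting the example performs. */
    cpp = (char const **)&cp;
    *cpp = &c;          /* stores a char const * into the storage of cp */
    return cp == &c;    /* *cp = 'B' would now target the const object */
}

/* Const-correct alternative: modify a private copy, never c itself. */
char modified_copy(void) {
    char copy = c;
    char *cp = &copy;   /* no qualifier is dropped: copy is not const */
    *cp = 'B';
    return copy;
}

char original_value(void) { return c; }

int main(void) {
    printf("cp aliases c: %s\n", hole_aliases_const() ? "yes" : "no");
    printf("copy = %c, c = %c\n", modified_copy(), original_value());
    return 0;
}
```

Building with GCC's -Wcast-qual flags the cast in hole_aliases_const, which makes this pattern easy to find in review.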

...

Similar to the previous example, the following well-formed but noncompliant code example modifies a constant object after casting away its constness. Compiling the program on a Linux/x64 system does not produce any diagnostics even at high warning levels, but the generated executable program fails at runtime with SIGSEGV.

...

If cpp, cp, and c are declared as automatic (stack) variables, this example compiles without warning on all versions of Microsoft Visual Studio when compiled in C mode (/TC). Version 3.2.2 of the GCC compiler generates a warning but compiles. In both cases, the resulting program changes the value of c.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[ISO/IEC 9899:2011] Section 6.7.3, "Type Qualifiers"

...