...
The compliant solution depends on the intention of the programmer. If the intention is that the value of c is modifiable, then it should not be declared as a constant. If the intention is that the value of c is not meant to change, then do not write non-compliant code that attempts to modify it.
...
Risk Assessment
Integer truncation errors can lead to buffer overflows and the execution of arbitrary code by an attacker.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
EXP31-C | ||||||
Component | Value | |||||
Severity | 1 (low) | Likelihood | 1 (unlikely) Remediation cost | 2 (medium) | P2 | L3 |
References
- ISO/IEC 9899-1999 Section 6.7.3, "Type qualifiers," and Section 6.5.16.1, "Simple assignment"
...