Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

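Code Block
#include <stddef.h>

/* Non-compliant: the cast strips the const qualifier from str, and the
 * function then writes through the resulting pointer. */
void remove_spaces(const char *str, size_t slen) {
   char *p = (char *)str;   /* casts away const */
   size_t i;
   for (i = 0; i < slen && str[i]; i++) {
      if (str[i] != ' ') *p++ = str[i];
   }
   *p = '\0';
}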

...

In this compliant solution, the function remove_spaces() is passed a non-const char pointer. The calling function must ensure that the null-terminated byte string passed to the function is not const, by making a copy of the string or by other means.
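An added example, not code from the original page: one way a caller can meet this requirement by copying the string before calling remove_spaces(). The non-const signature follows the description above; the helper remove_spaces_copy() and the SAMPLE string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Non-const parameter: the buffer is modified in place and no cast is needed. */
void remove_spaces(char *str, size_t slen) {
    char *p = str;
    size_t i;
    for (i = 0; i < slen && str[i]; i++) {
        if (str[i] != ' ') *p++ = str[i];
    }
    *p = '\0';
}

/* Hypothetical caller-side helper (not from the page): copies a possibly
 * const string into writable heap memory and strips spaces from the copy.
 * Returns NULL for NULL input or allocation failure; the caller frees. */
char *remove_spaces_copy(const char *src) {
    size_t len;
    char *copy;
    if (src == NULL) return NULL;
    len = strlen(src);
    copy = malloc(len + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, src, len + 1);   /* includes the terminating '\0' */
    remove_spaces(copy, len);
    return copy;
}

/* Constructed sample input: a const-qualified array that must stay unchanged. */
static const char SAMPLE[] = "do not cast away const";

int main(void) {
    char *out = remove_spaces_copy(SAMPLE);
    if (out == NULL) return 1;
    puts(out);      /* the stripped copy */
    puts(SAMPLE);   /* the original, untouched */
    free(out);
    return 0;
}
```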

...

In this non-compliant code example, the contents of the const int array vals are cleared by the call to memset().

Code Block
#include <string.h>

const int vals[] = {3, 4, 5};
memset(vals, 0, sizeof(vals));  /* writes to a const-qualified array */

...

Code Block
#include <stdio.h>

/* Legacy function defined elsewhere - cannot be modified */
void audit_log(char *errstr) {
  fprintf(stderr, "Error: %s.\n", errstr);
}

/* ... */
const char INVFNAME[] = "Invalid file name.";
audit_log((char *)INVFNAME);  /* cast required by the legacy non-const parameter */
/* ... */

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP05-A | 1 (low) | 2 (probable) | 1 (high) | P2 | L3 |

Automated Detection

The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.

...