
...
```c
#include <stddef.h>

void remove_spaces(const char *str, size_t slen) {
  /* The cast removes the const qualifier so the string can be written to */
  char *p = (char *)str;
  size_t i;
  for (i = 0; i < slen && str[i]; i++) {
    if (str[i] != ' ') *p++ = str[i];
  }
  *p = '\0';
}
```
...
In this compliant solution, the function remove_spaces() is passed a non-const char pointer. The calling function must ensure that the null-terminated byte string passed to the function is not const by making a copy of the string or by other means.
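The caller's side of this compliant solution, as an added example that is not part of the original page: remove_spaces() takes a plain char pointer, and the helper copy_without_spaces() (a hypothetical name) copies a const string into a heap buffer before any modification happens. The sample string in main() is constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compliant form: the parameter is a modifiable buffer, so no cast is needed.
 * The buffer must hold at least slen + 1 bytes. */
void remove_spaces(char *str, size_t slen) {
  char *p = str;
  size_t i;
  for (i = 0; i < slen && str[i]; i++) {
    if (str[i] != ' ') *p++ = str[i];
  }
  *p = '\0';
}

/* Hypothetical helper (not from the page): returns a heap copy of src with
 * spaces removed, or NULL if allocation fails. The caller frees the result.
 * The const original is only read, never written. */
char *copy_without_spaces(const char *src) {
  size_t len = strlen(src);
  char *buf = malloc(len + 1);
  if (buf == NULL) return NULL;
  memcpy(buf, src, len + 1);   /* copy includes the terminating null */
  remove_spaces(buf, len);     /* operates on the writable copy only */
  return buf;
}

int main(void) {
  static const char label[] = "a b  c";  /* constructed sample input */
  char *clean = copy_without_spaces(label);
  if (clean == NULL) return 1;
  puts(clean);
  free(clean);
  return 0;
}
```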
...
In this non-compliant code example, the contents of the const int array vals are cleared by the call to memset().
```c
#include <string.h>
const int vals[] = {3, 4, 5};
/* const is discarded when vals converts to memset()'s void * parameter */
memset(vals, 0, sizeof(vals));
```
...
```c
#include <stdio.h>

void audit_log(char *errstr) {
  /* Legacy function defined elsewhere - cannot be modified */
  fprintf(stderr, "Error: %s.\n", errstr);
}

/* ... */
const char INVFNAME[] = "Invalid file name.";
audit_log((char *)INVFNAME);
/* ... */
```
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP05-A | 1 (low) | 2 (probable) | 1 (high) | P2 | L3 |
Automated Detection
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
...