...

EXP05-EX2: A number of C99 standard library functions are specified to return non-const pointers that refer to their const-qualified arguments. When the actual arguments to such functions reference const objects, attempting to use the returned non-const pointers to modify the const objects would violate guideline EXP40-C, "Do not modify constant values," and lead to undefined behavior. These functions are the following:

...
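The following is an added example, not part of the original guideline. It uses `strchr()`, which C99 declares as taking a `const char *` and returning a plain `char *`, to show both safe patterns: keeping the result const-qualified for read-only use, and copying before modifying. The names `first_offset` and `replace_all_copy` and the sample string are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read-only use: store the result of strchr() in a const-qualified
 * pointer so the compiler rejects any later write through it.
 * Returns the offset of the first c in s, or -1 if c is absent. */
long first_offset(const char *s, char c) {
    const char *hit = strchr(s, c);  /* non-const return, kept const */
    return hit ? (long)(hit - s) : -1;
}

/* Modifying use: never write through the pointer strchr() returned for
 * a const argument. Copy into storage we own, then search and edit the
 * copy. Caller frees the result; returns NULL on allocation failure. */
char *replace_all_copy(const char *src, char from, char to) {
    size_t n = strlen(src) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return NULL;
    memcpy(copy, src, n);
    if (from == '\0')                /* strchr would match the terminator */
        return copy;
    for (char *p = strchr(copy, from); p != NULL; p = strchr(p + 1, from))
        *p = to;                     /* defined: copy is a non-const object */
    return copy;
}

int main(void) {
    static const char path[] = "usr/local/bin";  /* constructed sample */
    char *out = replace_all_copy(path, '/', '\\');
    if (out == NULL)
        return 1;
    printf("%ld %s (original: %s)\n", first_offset(path, '/'), out, path);
    free(out);
    return 0;
}
```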

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP05-C | medium | probable | medium | P8 | L2 |

Automated Detection

...

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | ... | | |
| GCC | | | Can detect violations of this recommendation when the -Wcast-qual flag is used. |
| Compass/ROSE | ... | | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as EXP35-CPP, "Do not cast away a const qualification."

Bibliography

[ISO/IEC 9899:1999] Section 6.7.3, "Type qualifiers"
[ISO/IEC PDTR 24772] "HFC Pointer casting and pointer type changes" and "IHN Type system"
[MISRA 04] Rule 11.5
[MITRE 07] CWE ID 704 (http://cwe.mitre.org/data/definitions/704.html), "Incorrect Type Conversion or Cast"

...