Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.

| Recommendation | Severity | Likelihood | Remediation Cost | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| STR05-C | Low | Unlikely | Low | Yes | Yes | P3 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | literal-assignment | Fully checked |
| Axivion Bauhaus Suite | | CertC-STR05 | |
| Clang | | -Wwrite-strings | Not enabled by -Weverything |
| CodeSonar | | LANG.TYPE.NCS | Non-const string literal |
| Compass/ROSE | | | |
| ECLAIR | | CC2.STR05 | Fully implemented |
| GCC | | -Wwrite-strings | |
| Helix QAC | | C0752, C0753 | |
| Klocwork | | MISRA.STRING_LITERAL.NON_CONST.2012 | |
| LDRA tool suite | | 623 S | Fully implemented |
| Polyspace Bug Finder | R2016a | Writing to const qualified object | Object declared with a const qualifier is modified |
| PRQA QA-C | | 0752, 0753 | |
| Parasoft C/C++test | | CERT_C-STR05-a | A string literal shall not be modified |
| PC-lint Plus | | 1776 | Fully supported |
| RuleChecker | | literal-assignment | Fully checked |
| Security Reviewer - Static Reviewer | | RTOS_31 | Fully / Partially implemented |
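The following is an added example, not code from the original recommendation. It shows the pattern the checkers above look for and a compliant alternative; the names `default_greeting` and `make_title` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Noncompliant form, kept in a comment so this file builds cleanly:
 *
 *     char *p = "hello, world";   // accepted silently by default in C
 *     p[0] = 'H';                 // undefined behavior, often a crash
 *
 * With -Wwrite-strings the literal has type const char[13], so the
 * initialization of p above draws a discarded-qualifier warning.
 */

/* Compliant: the literal is reachable only through pointer-to-const. */
static const char *const default_greeting = "hello, world";

/*
 * Copy src into the caller's writable buffer and capitalize the first
 * character there. Returns 0 on success, -1 if an argument is NULL or
 * dst cannot hold src plus its terminating null byte.
 */
int make_title(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL) {
        return -1;
    }
    len = strlen(src);
    if (len >= dstsz) {
        return -1;
    }
    memcpy(dst, src, len + 1);
    dst[0] = (char)toupper((unsigned char)dst[0]);
    return 0;
}

int main(void)
{
    char buf[32];

    if (make_title(buf, sizeof buf, default_greeting) != 0) {
        return 1;
    }
    printf("%s -> %s\n", default_greeting, buf);
    return 0;
}
```

Building with `-Wwrite-strings` on GCC or Clang flags any remaining non-const pointers to literals at compile time.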

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Corfield 1993]
 

[Lockheed Martin 2005]  AV Rule 151.1

 

