According to the C Standard, 6.4.5, paragraph 3 [ISO/IEC 9899:20112024]:
A A character string literal is a sequence of zero or more multibyte characters enclosed in double-quotes, as in "xyz". A UTF−8 UTF-8 string literal is the same, except prefixed by u8. A wide wchar_t string literal is the same, except prefixed by the letter
L,u, orUL. A UTF-16 string literal is the same, except prefixed by u. A UTF-32 string literal is the same, except prefixed by U. Collectively, wchar_t, UTF-16, and UTF-32 string literals are called wide string literals.
At compile time, string literals are used to create an array of static storage duration of sufficient length to contain the character sequence and a terminating null character. String literals are usually referred to by a pointer to (or array of) characters. Ideally, they should be assigned only to pointers to (or arrays of) const char or const wchar_t. It is unspecified whether these arrays of string literals are distinct from each other. The behavior is undefined if a program attempts to modify any portion of a string literal. Modifying a string literal frequently results in an access violation because string literals are typically stored in read-only memory. (See undefined behavior 3332.)
Avoid assigning a string literal to a pointer to non-const or casting a string literal to a pointer to non-const. For the purposes of this rule, a pointer to (or array of) const characters must be treated as a string literal. Similarly, the returned value of the following library functions must be treated as a string literal if the first argument is a string literal:
...
In this noncompliant code example, the char pointer str is initialized to the address of a string literal. Attempting to modify the string literal is undefined behavior 32:
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *str = "string literal"; str[0] = 'S'; |
...
Modifying string literals can lead to abnormal program termination and possibly denial-of-service attacks.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
STR30-C | Low | Likely | No | LowYes | P9P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| string-literal-modfication write-to-string-literal | Fully checked | |||||||||||||||||
| Axivion Bauhaus Suite |
| CertC-STR30 | Fully implemented | |||||||||||||||||
| Compass/ROSE | Can detect simple violations of this rule | |||||||||||||||||||
| Coverity |
| PW | Deprecates conversion from a string literal to "char *" | |||||||||||||||||
| Cppcheck Premium |
| premium-cert-str30-c | ||||||||||||||||||
| Helix QAC |
| C0556, C0752, C0753, C0754 C++3063, C++3064, C++3605, C++3606, C++3607 | ||||||||||||||||||
| CERT.STR.ARG.CONST_TO_NONCONST | |||||||||||||||||||
| LDRA tool suite |
| 157 S | Partially implemented | |||||||||||||||||
| Parasoft C/C++test |
| CERT_C-STR30-a | A string literal shall not be modified | |||||||||||||||||
| PC-lint Plus |
| 489, 1776 | Partially supported | |||||||||||||||||
| Polyspace Bug Finder |
| CERT C: Rule STR30-C | Checks for writing to const qualified object (rule fully covered) | PRQA QA-C | | Include Page | | PRQA QA-C_v | 0556, 0752, 0753, 0754 | Partially implemented | PRQA QA-C++ | ||||||||||
| Include Page | cplusplus:PRQA QA-C++_V | cplusplus:PRQA QA-C++_V | ||||||||||||||||||
| 3063, 3064, 3605, 3606, 3607, 3842 | PVS-Studio |
| V675 | |||||||||||||||||
| RuleChecker |
| string-literal-modfication | Partially checked | |||||||||||||||||
| Splint |
| |||||||||||||||||||
| TrustInSoft Analyzer |
| mem_access | Exhaustively verified (see one compliant and one non-compliant example). |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Bibliography
| [ISO/IEC 9899:20112024] | 6.4.5, "String Literals" |
| [Plum 1991] | Topic 1.26, "Strings—String Literals" |
| [Summit 1995] | comp.lang.c FAQ List, Question 1.32 |
...