 
The type of a narrow string literal is an array of char, and the type of a wide string literal is an array of wchar_t. However, string literals (of both types) are notionally constant and should consequently be protected by const qualification. This recommendation is a specialization of DCL00-C. Const-qualify immutable objects and also supports rule STR30-C. Do not attempt to modify string literals.
Adding const qualification may propagate through a program; as const qualifiers are added, still more become necessary. This phenomenon is sometimes called "const-poisoning." Const-poisoning can frequently lead to violations of EXP05-C. Do not cast away a const qualification. Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
Noncompliant Code Example (Narrow String Literal)
In this noncompliant code example, the const keyword has been omitted:
```c
char *c = "Hello";
```
If a statement such as `c[0] = 'C';` were placed following the declaration in the noncompliant code example, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.
Compliant Solution (Immutable Strings)
In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them different values is an error:
```c
const char *c = "Hello";
```
Compliant Solution (Mutable Strings)
In cases where the string is meant to be modified, use initialization instead of assignment. In this compliant solution, c is a modifiable char array that has been initialized using the contents of the corresponding string literal:
```c
char c[] = "Hello";
```
A statement such as `c[0] = 'C';` is now valid and behaves as expected.
Noncompliant Code Example (Wide String Literal)
In this noncompliant code example, the const keyword has been omitted:
```c
wchar_t *c = L"Hello";
```
If a statement such as `c[0] = L'C';` were placed following this declaration, the code is likely to compile cleanly, but the result of the assignment would be undefined because string literals are considered constant.
Compliant Solution (Immutable Strings)
In this compliant solution, the characters referred to by the pointer c are const-qualified, meaning that any attempt to assign them different values is an error:
```c
const wchar_t *c = L"Hello";
```
Compliant Solution (Mutable Strings)
In cases where the string is meant to be modified, use initialization instead of assignment. In this compliant solution, c is a modifiable wchar_t array that has been initialized using the contents of the corresponding string literal:
```c
wchar_t c[] = L"Hello";
```
A statement such as `c[0] = L'C';` is now valid and behaves as expected.
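As an added example (not code from the CERT page), the following C program puts the narrow and wide compliant solutions above side by side: a pointer to const as the read-only way to refer to a literal, and an array initialized from the literal as the writable copy that may safely be modified. The helper names count_char, capitalize, narrow_demo and wide_demo are assumptions made for this illustration.

```c
#include <stddef.h>
#include <wchar.h>

/* Added example (not from the CERT page): contrasts a pointer to const,
 * which is a read-only view of the literal, with an array initialized
 * from the literal, which is a private, writable copy. */

/* Read-only access. Taking const char * lets callers pass string
 * literals without a cast and guarantees nothing is written through s. */
static size_t count_char(const char *s, char ch) {
    size_t n = 0;
    for (; *s != '\0'; ++s) {
        if (*s == ch) {
            ++n;
        }
    }
    return n;
}

/* Writes to its argument, so it must only ever receive writable storage.
 * A caller holding a literal as const char * cannot pass it here: the
 * compiler rejects the discarded qualifier instead of letting the write
 * become undefined behavior (the same diagnostic -Wwrite-strings gives
 * for the noncompliant `char *c = "Hello";`). */
static char *capitalize(char *s) {
    if (s[0] >= 'a' && s[0] <= 'z') {
        s[0] = (char)(s[0] - 'a' + 'A');
    }
    return s;
}

/* Narrow strings: immutable view versus writable copy. Returns 1 when
 * the copy was modified and the literal seen through ro is untouched. */
static int narrow_demo(void) {
    const char *ro = "hello"; /* compliant: pointer to const */
    char rw[] = "hello";      /* compliant: array holds its own copy */
    /* capitalize(ro); -> compile error: discards 'const' qualifier */
    capitalize(rw);
    return rw[0] == 'H' && ro[0] == 'h' && sizeof rw == 6
        && count_char(ro, 'l') == 2;
}

/* Wide strings follow the same rules with wchar_t and L"..." literals. */
static int wide_demo(void) {
    const wchar_t *ro = L"hello";
    wchar_t rw[] = L"hello";
    rw[0] = L'H';
    return rw[0] == L'H' && ro[0] == L'h' && wcslen(rw) == 5
        && sizeof rw == 6 * sizeof(wchar_t);
}
```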
Risk Assessment
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| STR05-C | Low | Unlikely | Yes | Yes | P3 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | literal-assignment | Fully checked |
| Axivion Bauhaus Suite | | CertC-STR05 | |
| Clang | | -Wwrite-strings | Not enabled by -Weverything |
| CodeSonar | | LANG.TYPE.NCS | Non-const string literal |
| Compass/ROSE | | CC2.STR05 | Fully implemented |
| GCC | | -Wwrite-strings | |
| Helix QAC | | C0752, C0753 | |
| Klocwork | | MISRA.STRING_LITERAL.NON_CONST.2012 | |
| LDRA tool suite | | 623 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-STR05-a | A string literal shall not be modified |
| PC-lint Plus | | 1776 | Fully supported |
| RuleChecker | | literal-assignment | Fully checked |
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.