Page History

...

Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
STR05-C	Low	Unlikely

Low

Yes

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

literal-assignment

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-STR05

Clang

Include Page

	Clang_V
	Clang_V

-Wwrite-strings

Not enabled by -Weverything

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.TYPE.NCS

Non-const string literal

Compass/ROSE

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.STR05

Fully implemented

GCC

Include Page

	GCC_V
	GCC_V

-Wwrite-strings

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C0752, C0753

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.STRING_LITERAL.NON_CONST.2012

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

157

623 S

Partially implemented

PRQA QA-C Include PagePRQA_VPRQA_V

0752
0753

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-STR05-a

A string literal shall not be modified

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

1776

Fully supported

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

literal-assignment

Fully checked

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

RTOS_31

Fully

Partially

implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Corfield 1993]


[Lockheed Martin 2005]	AV Rule 151.1

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 98

New Version Current

Key

Automated Detection

Related Vulnerabilities

Bibliography