SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 37 Next »

Do not cast away a const qualification on a variable type. Casting away the const qualification will allow violation of rule [[EXP31-C. Do not modify constant values]] prohibiting the modification of constant values.

Non-Compliant Code Example

The remove_spaces() function in this example accepts a pointer to a string str and a string length slen and removes the space character from the string by shifting the remaining characters towards the front of the string. The function remove_spaces() is passed a const char pointer. It then typecasts the const qualification away and proceeds to modify the contents.

void remove_spaces(char const *str, size_t slen) {
   char *p = (char*)str;
   size_t i;
   for (i = 0; i < slen && str[i]; i++) {
      if (str[i] != ' ') *p++ = str[i];
   }
   *p = '\0';
}

Compliant Solution

In this compliant solution the function remove_spaces() is passed a non-const char pointer. The calling function must ensure that the NULL-terminated byte string passed to the function is not const by making a copy of the string or by other means.

void remove_spaces(char *str, size_t slen) {
   char *p = str;
   size_t i;
   for (i = 0; i < slen && str[i]; i++) {
      if (str[i] != ' ') *p++ = str[i];
   }
   *p = '\0';
}

Non-Compliant Code Example

In this example, a const int array vals is declared and its content modified by memset() with the function, clearing the contents of the vals array.

int const vals[] = {3, 4, 5};
memset(vals, 0, sizeof(vals));

Compliant Solution

If the intention is to allow the array values to be modified, do not declare the array as const.

int vals[] = {3, 4, 5};
memset(vals, 0, sizeof(vals));

Otherwise, do not attempt to modify the contents of the array.

Exceptions

An exception to this rule is allowed when it is necessary to cast away const when invoking a legacy API that does not accept a const argument, provided the function does not attempt to modify the referenced variable. For example, the following code casts away the const qualification of INVFNAME in the call to the log() function.

void log(char *errstr) {
  fprintf(stderr, "Error: %s.\n", errstr);
}

/* ... */
char const INVFNAME[]  = "Invalid file name.";
log((char *)INVFNAME);
/* ... */

Risk Assessment

If the object really is constant, the compiler may have put it in ROM or write-protected memory. Trying to modify such an object may lead to a program crash. This could allow an attacker to mount a denial-of-service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP05-A

1 (low)

2 (probable)

2 (medium)

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999]] Section 6.7.3, "Type qualifiers"

  • No labels