String literals are constant and should only be assigned to constant pointers. This recommendation supports rule STR30-C.
The const keyword is not included in this declaration.
| 
char *c = "Hello"; /* Bad: assigned to non-const */
c[3] = 'a'; /* Undefined (but compiles) */
 | 
In cases where the string referenced by c is not meant to be modified, c should be declared as a pointer to const char, which prevents direct modification of the contents of the string literal.
| 
char const *c = "Hello"; /* Good */
// c[3] = 'a'; would cause a compile error
 | 
In cases where the string referenced by c is meant to be modified, use initialization instead of assignment.  In this compliant solution, both a and b are modifiable char arrays which have been initialized using the contents of the corresponding string literal.
| char a[] = "abc"; | 
The above code is equivalent to:
| 
char a[] = {'a', 'b', 'c', '\0'};
 | 
Though it is not compliant with the C Standard, this code executes correctly if the contents of CMUfullname are not modified.
| 
char *CMUfullname = "Carnegie Mellon";
/* get school from user input and validate */
if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 when the strings match */
    school = CMUfullname;
}
 | 
Adding the const keyword generates a compiler warning, because the assignment of CMUfullname to school discards the const qualifier. Any modification of the contents of school after this assignment will lead to errors.
| 
char const *CMUfullname = "Carnegie Mellon";
/* get school from user input and validate */
if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 when the strings match */
    school = CMUfullname;
}
 | 
The compliant solution uses the const keyword to protect the string literal, as well as using strcpy() to copy the value of CMUfullname into school, allowing future modification of school.
| 
char const *CMUfullname = "Carnegie Mellon";
/* get school from user input and validate */
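if (strcmp(school, "CMU") == 0) { /* strcmp() returns 0 when the strings match */
    /* assuming school points to writable storage large enough for CMUfullname and its terminating null */
    strcpy(school, CMUfullname);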
}
 | 
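The compliant solution depends on school being writable and large enough. The following added example (not part of the original page) makes that assumption explicit by passing the buffer size and refusing to copy when the full name does not fit; expand_school() and demo_expand_and_edit() are hypothetical names, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Pointer to const: the compiler rejects writes through it. */
static char const *const CMUfullname = "Carnegie Mellon";

/*
 * expand_school() is a hypothetical helper, not from the original page.
 * school must point to a writable array of school_size bytes holding a
 * null-terminated string. Returns 1 if the abbreviation was expanded,
 * 0 if school was left unchanged, -1 if the arguments are invalid or
 * the buffer cannot hold the full name.
 */
int expand_school(char *school, size_t school_size) {
    size_t needed = strlen(CMUfullname) + 1; /* include the '\0' */

    if (school == NULL || school_size == 0) {
        return -1;
    }
    if (strcmp(school, "CMU") != 0) {
        return 0; /* some other school: nothing to do */
    }
    if (needed > school_size) {
        return -1; /* copying would overflow school */
    }
    memcpy(school, CMUfullname, needed); /* copy into caller-owned storage */
    return 1;
}

/* Constructed sample input: a modifiable array initialized from a literal. */
int demo_expand_and_edit(void) {
    char school[32] = "CMU";

    if (expand_school(school, sizeof school) != 1) {
        return 0;
    }
    school[0] = 'c'; /* legal: school is an array, not the literal */
    return strcmp(school, "carnegie Mellon") == 0
        && strcmp(CMUfullname, "Carnegie Mellon") == 0;
}

int main(void) {
    return demo_expand_and_edit() ? 0 : 1;
}
```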
Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| STR05-A | 1 (low) | 3 (likely) | 2 (medium) | P6 | L2 |
http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc
[ISO/IEC 9899-1999:TC2] Section 6.7.8, "Initialization"
[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005. AV Rule 151.1