As string literals are constant, they should only be assigned to constant pointers. This recommendation supports rule STR30-C.

Non-Compliant Code Example 1

The const keyword is not included in this declaration.

char* c = "Hello"; // Bad: assigned to non-const
c[3] = 'a'; // Undefined (but compiles)

Compliant Solution 1

If you properly assign string literals to const pointers, the compiler will not allow direct manipulation of the contents.

char const * c = "Hello"; // Good
//c[3] = 'a'; would cause a compile error

Aside

Note that the following code is acceptable, as a and b do not actually point to string literals. They are char array objects which have had characters copied into them, and therefore are modifiable.

char a[] = "abc";
char b[3] = "abc";

The above code is equivalent to:

char a[] = {'a', 'b', 'c', '\0'};
char b[] = {'a', 'b', 'c'};

Non-Compliant Coding Example 2.a

Though it is not compliant with the C Standard, this code executes correctly if the contents of CMUfullname are not modified.

char* CMUfullname = "Carnegie Mellon";

/* get school from user input and validate */

if (strcmp(school,"CMU")) {
    school = CMUfullname;
}

Non-Compliant Coding Example 2.b

Adding in the const keyword will generate a compiler warning, as the assignment of CMUfullname to school discards the const qualifier. Any modifications to the contents of school after this assignment will lead to errors.

char const * CMUfullname = "Carnegie Mellon";

/* get school from user input and validate */

if (strcmp(school,"CMU")) {
    school = CMUfullname;
}

Compliant Solution 2

The compliant solution uses the const keyword to protect the string literal, as well as using strcpy to copy the value of CMUfullname into school, allowing future modification of school.

char const * CMUfullname = "Carnegie Mellon";

/* get school from user input and validate */

if (strcmp(school,"CMU")) {
    //assuming school is properly allocated
    strcpy(school, CMUfullname);
}

Risk Assessment

Modifying string literals causes undefined behavior, resulting in abnormal program termination and denial-of-service vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR05-A

1 (low)

3 (likely)

2(medium)

P6

L2

References:

[http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]
\[[ISO/IEC 9899-1999:TC2|AA. C References#ISO/IEC 9899-1999TC2]\] Section 6.7.8, "Initialization"
\[Lockheed Martin 2005\] Lockheed Martin. Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005.     AV Rule 151.1