CERT C++: STR30-C

Do not attempt to modify string literals

expand all in page

Description

Rule Definition

Do not attempt to modify string literals.¹

Polyspace Implementation

The rule checker checks for Modifying string literal.

Examples

expand all

Modifying string literal

Issue

Modifying string literal occurs when you attempt to modify a string literal. For instance, Polyspace^® reports a violation if you:

Use a string literal as the destination of an assignment.
Pass a string literal to a function that modifies the argument. Examples of such functions include: strcpy, strncpy, strcat, memset.

Polyspace considers these as string literals:

Character sequences with no prefix
Character sequences with the prefix u8, L, u, and U.
Raw string (R"...") with prefixes u8, L, u, and U.
User-defined string literals defined by using the "" operator.

Risk

Attempting to modify string literal results in undefined behavior. Because string literals are typically stored in read-only memory, attempting to modify a string literal can result in an access violation

Fix

Avoid modifying string literal. For instance, assign string literals to const-qualified pointers or const-qualified objects.

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See:

Address Results in Polyspace User Interface Through Bug Fixes or Justifications if you review results in the Polyspace user interface.
Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access) if you review results in a web browser.
Annotate Code and Hide Known or Acceptable Results if you review results in an IDE.

Example - Writing to String literal

#include <string.h>

char* buffer = "abcdeXXXXXXX";

void func(char* string) {
    char *ptr = (char*)strchr(buffer,'X');
    if(ptr)
        strcpy(ptr,string); //Noncompliant
}

In this example, because buffer is a string literal, strchr(buffer,'X') returns a string literal. When string literal is used as the destination argument of strcpy, Polyspace reports a violation of this rule.

Correction — Copy string literal into an array

To resolve this violation, use the string literal as an initializer for the array buffer. This way, a copy of the string literal is stored in buffer, which can be modified safely.

#include <string.h>

char buffer[] = "abcdeXXXXXXX";

void func(char* string) { 
    char *ptr = (char*)strchr(buffer,'X');
    if(ptr)
        strcpy(ptr,string);
}

Check Information

Group: 05. Characters and Strings (STR)

Version History

Introduced in R2019a

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.