CWE Rule 471

Modification of Assumed-Immutable Data (MAID)

Since R2024a

Description

Rule Description

The product does not properly protect an assumed-immutable element from being modified by an attacker.

Polyspace Implementation

The rule checker checks for Writing to const qualified object.

Examples

Issue

This issue occurs when you do one of the following:

  • Use a const-qualified object as the destination of an assignment.

  • Pass a const-qualified object to a function that modifies the argument.

For instance, the defect can occur in the following situations:

  • You pass a const-qualified object as first argument of one of the following functions:

    • mkstemp

    • mkostemp

    • mkostemps

    • mkdtemp

  • You pass a const-qualified object as the destination argument of one of the following functions:

    • strcpy

    • strncpy

    • strcat

    • memset

  • You perform a write operation on a const-qualified object.

Risk

The risk depends upon the modifications made to the const-qualified object.

| Situation | Risk |
| --- | --- |
| Passing to mkstemp, mkostemp, mkostemps, mkdtemp, and so on. | These functions replace the last six characters of their first argument with a string. Therefore, they expect a modifiable char array as their first argument. |
| Passing to strcpy, strncpy, strcat, memset and so on. | These functions modify their destination argument. Therefore, they expect a modifiable char array as their destination argument. |
| Writing to the object | The const qualifier implies an agreement that the value of the object will not be modified. By writing to a const-qualified object, you break the agreement. The result of the operation is undefined. |

Fix

The fix depends on the modification made to the const-qualified object.

| Situation | Fix |
| --- | --- |
| Passing to mkstemp, mkostemp, mkostemps, mkdtemp, and so on. | Pass a non-const object as first argument of the function. |
| Passing to strcpy, strncpy, strcat, memset and so on. | Pass a non-const object as destination argument of the function. |
| Writing to the object | Perform the write operation on a non-const object. |

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See:

Example — Writing to const-Qualified Object

#include <string.h>

const char* buffer = "abcdeXXXXXXX";

void func(char* string) {
    char *ptr = (char*)strchr(buffer,'X');
    if(ptr)
        strcpy(ptr,string); //Noncompliant
}

In this example, because the pointer buffer is const-qualified, strchr(buffer,'X') returns a const-qualified char* pointer. When this char* pointer is used as the destination argument of strcpy, a Writing to const qualified object error appears.

Correction — Copy const-Qualified Object to Non-const Object

One possible correction is to assign the constant string to a non-const object and pass the non-const object to strchr, so that the pointer used as the destination argument of strcpy refers to a modifiable object.

#include <string.h>

char buffer[] = "abcdeXXXXXXX";

void func(char* string) { 
    char *ptr = (char*)strchr(buffer,'X');
    if(ptr)
        strcpy(ptr,string);
}
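
The same copy-to-non-const correction applied to the mkstemp situation listed under Risk and Fix, as an added example that is not part of the original Polyspace documentation. The names TEMPLATE, temp_from_const and demo, and the /tmp path, are constructed for illustration, and a POSIX system with a writable /tmp is assumed.

```c
#define _POSIX_C_SOURCE 200809L   /* for the mkstemp() declaration */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample template; const-qualified, so it must never reach mkstemp. */
static const char TEMPLATE[] = "/tmp/maid-XXXXXX";

/* Noncompliant shape (kept as a comment so it is never executed):
 *     int fd = mkstemp((char *)TEMPLATE);   // write to a const-qualified object
 */

/* Hypothetical helper: copy the const template into the caller's modifiable
 * buffer and let mkstemp rewrite the copy. Returns an open fd, or -1. */
int temp_from_const(const char *tmpl, char *path, size_t path_len)
{
    size_t n = strlen(tmpl);

    if (n < 6 || n + 1 > path_len)              /* copy must fit, with NUL */
        return -1;
    if (strcmp(tmpl + n - 6, "XXXXXX") != 0)    /* mkstemp needs six trailing X */
        return -1;
    memcpy(path, tmpl, n + 1);
    return mkstemp(path);                       /* modifies path, not tmpl */
}

/* Returns 0 when the file was created, the template is untouched, and only
 * the last six characters of the copy were replaced. */
int demo(void)
{
    char path[sizeof TEMPLATE];
    int fd = temp_from_const(TEMPLATE, path, sizeof path);
    size_t n = strlen(TEMPLATE);
    int ok;

    if (fd < 0)
        return -1;
    ok = strcmp(TEMPLATE, "/tmp/maid-XXXXXX") == 0     /* source unchanged */
      && strlen(path) == n
      && strncmp(path, TEMPLATE, n - 6) == 0           /* prefix preserved */
      && strcmp(path + n - 6, "XXXXXX") != 0;          /* suffix rewritten */
    close(fd);
    unlink(path);                                      /* remove the temp file */
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```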

Check Information

Category: Others

Version History

Introduced in R2024a