CERT.STR.ARG.CONST_TO_NONCONST
Do not pass a const char pointer to a non-const char pointer argument.
Vulnerability and risk
String literals are created at compile time to be of sufficient length and null terminated. The behavior is undefined if a program attempts to modify any portion of a string literal. Ideally, they should be assigned only to pointers to (or arrays of) const char or const wchar_t.
This checker looks for assignments of string literals or const string pointers to non-const function argument pointers.
Mitigation and prevention
Use "const" on argument declarations when the function should not modify the string through the pointer.
Example
void func_v1(void) {
    const char *aLiteral = "/tmp/abXXXXXX";
    mkstemp("/tmp/edXXXXXX");
    mkstemp(aLiteral);
}
Violations will be reported on lines 3 and 4.
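A compliant counterpart to func_v1, added here as an illustration and not part of the original checker documentation: the template stays const, and mkstemp() receives a writable copy instead of a literal. The names make_temp_from, count_placeholders and func_v1_fixed are hypothetical, and the code assumes a POSIX system with a writable /tmp.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* mkstemp(), close(), unlink() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, hypothetical helper: read-only use, so the parameter is const. */
static size_t count_placeholders(const char *tmpl) {
    size_t len = strlen(tmpl), n = 0;
    while (n < len && tmpl[len - 1 - n] == 'X')
        n++;
    return n;
}

/* mkstemp() overwrites the trailing XXXXXX, so it must be given writable storage.
 * Copy the const template into the caller's buffer and pass that copy.
 * Returns an open descriptor, or -1 on bad template, short buffer or mkstemp failure. */
int make_temp_from(const char *tmpl, char *path, size_t path_size) {
    size_t len = strlen(tmpl);
    if (count_placeholders(tmpl) < 6 || len + 1 > path_size)
        return -1;
    memcpy(path, tmpl, len + 1);
    return mkstemp(path);
}

/* Compliant version of func_v1: returns 0 on success, -1 on failure. */
int func_v1_fixed(void) {
    const char *aLiteral = "/tmp/abXXXXXX";   /* never written through */
    char path[32];                            /* writable copy for mkstemp() */
    int fd = make_temp_from(aLiteral, path, sizeof path);
    if (fd < 0)
        return -1;
    int changed = strcmp(path, aLiteral) != 0; /* placeholders filled in the copy only */
    close(fd);
    unlink(path);
    return changed ? 0 : -1;
}

int main(void) {
    printf("func_v1_fixed: %d\n", func_v1_fixed());
    return 0;
}
```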