CERT C: Rec. STR10-C

Do not concatenate different type of string literals

Since R2026a

expand all in page

Description

Do not concatenate different type of string literals¹

Polyspace Implementation

The rule checker checks for Concatenated narrow and wide string literals.

Examples

expand all

Concatenated narrow and wide string literals

Issue

This issue occurs when you concatenate wide string literals and narrow string literals.

Narrow string literals are enclosed in double quotes without a prefix. Wide string literals are enclosed in double quotes with a prefix L outside the quotes. See string literal at cppreference.com.

This recommendation applies only for projects in C.

Risk

In C99 and later, concatenation of narrow and wide string literals can make the code implementation-dependent and lead to unexpected behavior. If such code is compiled on a platform that supports only the C90 standard, concatenating narrow and wide string literals can lead to undefined behavior.

Fix

If you are concatenating string literals, concatenate only string literals of the same type.

Example - Concatenation of Narrow and Wide String Literals

#include <wchar.h>

char array[] = "Hello" "World";
wchar_t mixed[] = "Hello" L"World"; // Noncompliant

In this example, in the initialization of the array mixed, the narrow string literal "Hello" is concatenated with the wide string literal L"World".

Correction — Make Both String Literals the Same Type

#include <wchar.h>

char array[] = "Hello" "World";
wchar_t w_array[] = L"Hello" L"World"; // Compliant

One possible correction is to change "Hello" to a wide string literal and concatenate it with the wide string literal L"World".

Check Information

Group: Rec. 07. Characters and Strings (STR)

PQL Name: std.cert.STR10_C

Version History

Introduced in R2026a

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.