Cast from char* to wchar_t*¶
ID: cpp/incorrect-string-type-conversion Kind: problem Severity: error Precision: high Tags: - security - external/cwe/cwe-704 Query suites: - cpp-code-scanning.qls - cpp-security-extended.qls - cpp-security-and-quality.qls
This rule indicates a potentially incorrect cast from an byte string (
char *) to a wide-character string (
This cast might yield strings that are not correctly terminated; including potential buffer overruns when using such strings with some dangerous APIs.
Do not explicitly cast byte strings to wide-character strings.
For string literals, prepend the literal string with the letter “L” to indicate that the string is a wide-character string (
For converting a byte literal to a wide-character string literal, you would need to use the appropriate conversion function for the platform you are using. Please see the references section for options according to your platform.
In the following example, an byte string literal (
"a") is cast to a wide-character string.
wchar_t* pSrc; pSrc = (wchar_t*)"a"; // casting a byte-string literal "a" to a wide-character string
To fix this issue, prepend the literal with the letter “L” (
L"a") to define it as a wide-character string.