CodeQL documentation

Cast from char* to wchar_t*

ID: cpp/incorrect-string-type-conversion
Kind: problem
Security severity: 8.8
Severity: error
Precision: high
   - security
   - external/cwe/cwe-704
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

This rule indicates a potentially incorrect cast from an byte string (char *) to a wide-character string (wchar_t *).

This cast might yield strings that are not correctly terminated; including potential buffer overruns when using such strings with some dangerous APIs.


Do not explicitly cast byte strings to wide-character strings.

For string literals, prepend the literal string with the letter “L” to indicate that the string is a wide-character string (wchar_t *).

For converting a byte literal to a wide-character string literal, you would need to use the appropriate conversion function for the platform you are using. Please see the references section for options according to your platform.


In the following example, an byte string literal ("a") is cast to a wide-character string.

wchar_t* pSrc;

pSrc = (wchar_t*)"a"; // casting a byte-string literal "a" to a wide-character string

To fix this issue, prepend the literal with the letter “L” (L"a") to define it as a wide-character string.


  • © GitHub, Inc.
  • Terms
  • Privacy