I just came across this issue on Ulrich Drepper's blog
(http://udrepper.livejournal.com/15119.html):

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        const char s[] = "hello";
        strcpy (s, "bye");
        puts (s);
        return 0;
    }

gcc will compile it, albeit with a warning.
The executable's output will be "bye".
As long as a character constant is declared in a function using the
braces ("[]"), it won't be immutable, even though many people would consider
it to be.
A better solution:

    static const char s[] = "hello";

Now trying to write to s immediately results in a crash at runtime. This
flaw can be detected more easily when testing, and even if it isn't
detected, there is one less chance of compromise.
I'd like flawfinder to give an appropriate warning message with an
improvement proposal which could be e.g.:
Consider using both static and const modifiers together to prevent
unintended alterations of variables declared as const.
Nobody/Anonymous
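
The check requested above, as an added example in Python (the language flawfinder is written in); it is not flawfinder's own code and not part of the original request. The function names, the brace-depth heuristic for "declared in a function", and the sample input are assumptions made for illustration.

```python
import re

# Warning text proposed in the request above.
MESSAGE = ("Consider using both static and const modifiers together to "
           "prevent unintended alterations of variables declared as const.")

# Array declaration with initialiser: `const char s[] = ...` or
# `char const s[6] = ...`; leading qualifiers (e.g. `static`) land in group 1.
DECL = re.compile(
    r'^\s*((?:\w+\s+)*?)(?:const\s+char|char\s+const)\s+(\w+)\s*\[[^\]]*\]\s*=')
# String/char literals and single-line comments, removed before counting braces.
# Assumption: comments spanning several lines are not handled.
NOISE = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//.*|/\*.*?\*/')

# Constructed sample: the program from the post plus two variants
# (file scope, and already static) that must not be reported.
SAMPLE = '''\
#include <stdio.h>
#include <string.h>
const char banner[] = "file scope";
int main(void)
{
    const char s[] = "hello";
    static const char t[] = "hello";
    strcpy (s, "bye");
    puts (s);
    return 0;
}
'''

def find_nonstatic_const_arrays(source):
    """Return (line_number, name) for each const char array that is
    initialised inside a block (brace depth > 0) without `static`."""
    hits, depth = [], 0
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DECL.match(line)
        if m and depth > 0 and "static" not in m.group(1).split():
            hits.append((lineno, m.group(2)))
        code = NOISE.sub("", line)          # ignore braces in literals/comments
        depth += code.count("{") - code.count("}")
    return hits

def report(source, filename="sample.c"):
    """Format each hit as `file:line: name: message`."""
    return ["%s:%d: %s: %s" % (filename, n, name, MESSAGE)
            for n, name in find_nonstatic_const_arrays(source)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```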