...
Using the envp environment pointer after the environment has been modified can result in undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV31-C | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |
| LDRA tool suite |
| 118 S | Fully Implemented | ||||||
| Parasoft C/C++test |
| BD-PB-INVENV | Implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | VOID ENV31-CPP. Do not rely on an environment pointer following an operation that may invalidate it | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, setenv |
| [ISO/IEC 9899:2011] | J.5.1, "Environment Arguments" |
| [MSDN] | getenv, _wgetenv,_putenv_s, _wputenv_s |
...
...