Comment: added parasoft

...

Modifying the object pointed to by the return value of getenv(), setlocale(), localeconv(), asctime(), or strerror() is undefined behavior. Even if the modification succeeds, the modified object can be overwritten by a subsequent call to the same function.
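A compliant pattern for the rule above, as an added example that is not code from the CERT page: hold the returned pointer as `const` and edit only a caller-owned copy. The helper names `own_copy`, `env_first_entry` and `upper_error_text` are hypothetical, and the `:` separator is an assumption for list-style variables such as `PATH`.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Duplicate a library-owned string (from getenv(), strerror(), setlocale(),
 * ...) into caller-owned heap storage. Returns NULL if src is NULL or the
 * allocation fails. The caller frees the result. */
char *own_copy(const char *src) {
    if (src == NULL) return NULL;
    size_t n = strlen(src) + 1;
    char *dst = malloc(n);
    if (dst != NULL) memcpy(dst, src, n);
    return dst;
}

/* Hypothetical helper: first entry of a ':'-separated environment variable.
 * The getenv() result is held as const, so an accidental write through it
 * fails to compile; the truncation happens in the private copy. */
char *env_first_entry(const char *name) {
    const char *val = getenv(name);
    char *copy = own_copy(val);
    if (copy != NULL) copy[strcspn(copy, ":")] = '\0';
    return copy;
}

/* Hypothetical helper: upper-cased error text. strerror()'s string is copied
 * first, so the library's object is untouched and a later strerror() call
 * cannot overwrite the result. */
char *upper_error_text(int errnum) {
    char *copy = own_copy(strerror(errnum));
    if (copy != NULL)
        for (char *p = copy; *p != '\0'; ++p)
            *p = (char)toupper((unsigned char)*p);
    return copy;
}

int main(void) {
    char *dir = env_first_entry("PATH");
    char *msg = upper_error_text(ERANGE);
    printf("first PATH entry: %s\n", dir ? dir : "(unset)");
    printf("copy: %s | library string: %s\n", msg ? msg : "(oom)", strerror(ERANGE));
    free(dir);
    free(msg);
    return 0;
}
```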

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-C | Low | Probable | Medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Can detect violations of this rule. In particular, it ensures that the result of getenv() is stored in a const variable |
| LDRA tool suite | | 107 D | Partially Implemented |
| Parasoft C/C++test | | CODSTA-185_a | Implemented |
| Polyspace Bug Finder | R2016a | Modification of internal buffer returned from nonreentrant standard function | Function attempts to modify internal buffer returned from a nonreentrant standard function |
| PRQA QA-C | 9.1 | 1492, 1493 | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TS 17961:2013 | Modifying the string returned by getenv, localeconv, setlocale, and strerror [libmod] | Prior to 2018-01-12: CERT: Unspecified Relationship |

Bibliography

[IEEE Std 1003.1:2013]
  • XSH, System Interfaces, getenv
  • XSH, System Interfaces, setlocale
  • XSH, System Interfaces, localeconv

[ISO/IEC 9899:2011]
  • 7.11.1.1, "The setlocale Function"
  • 7.11.2.1, "The localeconv Function"
  • 7.22.4.6, "The getenv Function"
  • 7.24.6.2, "The strerror Function"

...


...