...
Another possibility is to provide your own implementation of strtok() that does not modify the initial arguments.
Risk Assessment
The Linux Programmer's Manual (man) page on strtok(3) [Linux 2008] states:
...
Tool | Version | Checker | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Include Page | LDRA_V | LDRA_V | 602 S | Fully implemented. | |||||||||
Compass/ROSE |
|
|
| ||||||||||
Fortify SCA | V. 5.0 |
| Can detect violations of this rule with CERT C Rule Pack. | ||||||||||
| 602 S | Fully implemented. | Compass/ROSE |
|
|
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
ISO/IEC 9899:2011 Section 7.24.5.8, "The strtok function"
...
...
| Addition of data structure sentinel |
...
Bibliography
...