...
In this example, the strtok() function is used to parse the first argument into colon-delimited tokens; it will output each word from the string on a new line. However, after the while loop ends, path will have been modified to look like this: "/usr/bin\0/bin\0/usr/sbin\0/sbin\0". This is an issue on several levels. If we check our local path variable, we will only see /usr/bin now. Even worse, we have unintentionally changed the environment variable PATH, which could cause more confusion (see
ENV30-C. Do not modify the string returned by getenv())unintended results.
Compliant Solutions
One possible solution is to copy the string being tokenized into a temporary buffer which isn't referenced after the calls to strtok():
...