...
Section 7.22.4.6 of the C standard Standard [ISO/IEC 9899:2011] defines getenv as follows:
...
Consequently, if the string returned by getenv() must be altered, a local copy should be created. Altering the string returned by getenv() results in undefined behavior. See also undefined behavior 184 of Annex J of C11the C Standard.
Similarly, Section 7.11.1.1 [ISO/IEC 9899:2011] defines setlocale and localeconv as follows:
...
In this noncompliant example, the object returned from the C Standard Library standard library function localeconv() is modified.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
| ENV30-CPP. Do not modify the string returned by getenv() | |
| ISO/IEC TS 17961 (Draft) | Modifying the string returned by getenv, localeconv, setlocale, and strerror [libmod] |
Bibliography
...
| ] | Section 7.11.1.1, "The setlocale |
...
| Function" Section 7.22.4.6, "The getenv |
...
| Function" |
...
Section 7.24.6.2, "The strerror |
...
| Function" |
...
| [ |
...
Bibliography
...
...
...