Some implementations provide a nonportable environment pointer that is valid when main() is called but may be invalidated by operations that modify the environment.
The C Standard, J.5.1 2 [ISO/IEC 9899:20112024], states
In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program (5.1.2.3.2).
Consequently, under a hosted environment supporting this common extension, it is possible to access the environment through a modified form of main():
...
Because envp may no longer point to the current environment, this program has undefined unanticipated behavior.
Compliant Solution (POSIX)
...
Because envp no longer points to the current environment, this program has undefined unanticipated behavior.
Compliant Solution (Windows)
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV31-C | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported | |||||||
| Compass/ROSE | |||||||||
| Cppcheck Premium | 24.9.0 | premium-cert-env31-c | Fully implemented | ||||||
| Helix QAC |
| DF4991, DF4992, DF4993 | |||||||
| LDRA tool suite |
| 118 S | Fully Implemented | ||||||
| Parasoft C/C++test |
|
CERT_C- |
ENV31-a | Do not rely on an environment pointer following an operation that may invalidate it | ||||
|
|
| CERT C: Rule ENV31-C | Checks for environment |
| pointer invalidated by previous operation |
| (rule fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, setenv |
| [ISO/IEC 9899:20112024] | J.5.12, "Environment Arguments" |
| [MSDN] | getenv, _wgetenv,_putenv_s, _wputenv_s |
...