Some implementations provide a nonportable environment pointer that is valid when main()
is called but may be invalidated by operations that modify the environment.
The C Standard, J.5.2 [ISO/IEC 9899:2024], states
In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program (5.1.2.3.2).
Consequently, under a hosted environment supporting this common extension, it is possible to access the environment through a modified form of main():
...
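The following C program is an added example, not part of the CERT rule text. It assumes a POSIX system (setenv() and environ, per the IEEE Std 1003.1 reference), and the helper names env_lookup and set_and_verify are hypothetical. It reads envp only before the environment is modified and re-reads environ after every modification instead of reusing the saved pointer.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ; /* POSIX: always refers to the current environment */

/* Return the value of `name` in the NULL-terminated array `env`, or NULL. */
static const char *env_lookup(char *const *env, const char *name) {
    size_t n = strlen(name);
    if (env == NULL) return NULL;
    for (; *env != NULL; ++env) {
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    }
    return NULL;
}

/* Set name=value, then confirm it through a fresh read of environ.
 * Returns 1 when the new value is visible, 0 otherwise. */
int set_and_verify(const char *name, const char *value) {
    if (setenv(name, value, 1) != 0)
        return 0;
    /* setenv() may have reallocated the array: re-read environ here. */
    const char *got = env_lookup(environ, name);
    return got != NULL && strcmp(got, value) == 0;
}

int main(int argc, char *argv[], char *envp[]) {
    (void)argc; (void)argv;
    /* envp is safe to walk only here, before any modification. */
    const char *path = env_lookup(envp, "PATH");
    printf("PATH at startup: %s\n", path ? path : "(unset)");

    if (!set_and_verify("ENV31_DEMO_VAR", "constructed-value")) {
        fputs("setenv failed or value not visible\n", stderr);
        return EXIT_FAILURE;
    }
    /* From this point on, envp must be treated as invalid. */
    puts("ENV31_DEMO_VAR is visible through environ");
    return EXIT_SUCCESS;
}
```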
Tool | Version | Checker | Description
---|---|---|---
Astrée | | | Supported
Compass/ROSE | | |
Cppcheck Premium | 24.9.0 | premium-cert-env31-c | Fully implemented
Helix QAC | | C4991, C4992, C4993, C++4991, C++4992, C++4993, DF4991, DF4992, DF4993 |
LDRA tool suite | | 118 S | Fully Implemented
Parasoft C/C++test | | CERT_C-ENV31-a | Do not rely on an environment pointer following an operation that may invalidate it
 | | CERT C: Rule ENV31-C | Checks for environment pointer invalidated by previous operation (rule fully covered)
PRQA QA-C | | 4991, 4992, 4993 |
PRQA QA-C++ | | 4991, 4992, 4993 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
[IEEE Std 1003.1:2013] | XSH, System Interfaces, setenv |
[ISO/IEC 9899:2024] | J.5.2, "Environment Arguments" |
[MSDN] | getenv, _wgetenv, _putenv_s, _wputenv_s |
...