...
The improper use of strtok()
is likely to result in truncated data, producing unexpected results later in program execution.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR06-C |
Medium |
Likely |
Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| (customization) | Users who wish to avoid using strtok() entirely can add a custom check for all uses of strtok() . | ||||||
Compass/ROSE |
5.0
Can detect violations of this rule with CERT C Rule Pack
Helix QAC |
| C5007 |
LDRA tool suite |
| 602 S |
Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID STR06-CPP. Do not assume that strtok() leaves the parse string unchanged |
MITRE CWE | CWE-464, Addition of data structure sentinel |
Bibliography
...