Upon successful completion, getenv() function returns a pointer to a NUL-terminated string containing the value of the specified name. If the specified name cannot be found the environment of the calling process, a null pointer will be returned.

A programmer should never try to modify the value returned by the getenv() function. Because the pointer might be used by some other program. If it's necessary to manipulate the return value of getenv().

None-Compliant Code Example

int foo()
{
    char *env;
    env = getenv("TEST_ENV");
    env[0] = 'a';

    /*Do some more things*/

    return 0;
}

Compliant Code Solution

int foo()
{
    char *env;
    char *copy_of_env;

    env = getenv("TEST_ENV");
    copy_of_env = malloc( (strlen(env)+1) * sizeof(char) );
    strncpy(copy_of_env, env, strlen(env));
    
    copy_of_env[0] = 'a';
    
    /*Do some more things*/

    return 0;
}

Space shortcuts

Page tree

None-Compliant Code Example

Compliant Code Solution

Space shortcuts

Page tree

ENV30-C. Do not modify the string returned by getenv()

None-Compliant Code Example

Compliant Code Solution