Page History

...

The getenv function returns a pointer to a string associated with the matched list member. The string pointed to shall not be modified by the program but may be overwritten by a subsequent call to the getenv function. If the specified name cannot be found, a null pointer is returned.

...

Storing the pointer to the string returned by getenv(), localeconv(), setlocale(), or strerror() can result in overwritten data.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
ENV34-C	Low	Probable	Yes	NoMedium	P4	L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Tool

Version

Checker

Description

Compass/ROSE

Cppcheck Premium

24.9.0

premium-cert-env34-c

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF2681, DF2682, DF2683

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

133 D

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-ENV34-a

Pointers returned by certain Standard Library functions should not be used following a subsequent call to the same or related function

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule ENV34-C

Checks for misuse of return value from nonreentrant standard function (rule fully covered)

Related Guidelines

Key here (explains table format and definitions)

...

Space shortcuts

Page tree

Versions Compared

Old Version 109

New Version 110

Key

Related Vulnerabilities

Related Guidelines