SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 111

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 119

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

Some implementations provide a nonportable environment pointer that is valid when main() is called but may be invalidated by operations that modify the environment.

The C Standard, J.5.1 2 [ISO/IEC 9899:20112024], states

In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program (5.1.2.3.2).

Consequently, under a hosted environment supporting this common extension, it is possible to access the environment through a modified form of main():

...

Using the envp environment pointer after the environment has been modified can result in undefined behavior.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

ENV31-C

Low

Probable

Yes

NoMedium

P4

L3

Automated Detection

 

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
 Supported
Compass/ROSE




Cppcheck Premium
24.9.0
premium-cert-env31-c


Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4991, DF4992, DF4993


LDRA tool suite
Include Page
LDRA_V
LDRA_V
118 SFully Implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-ENV31-a

Do not rely on an environment pointer following an operation that may invalidate it

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ENV31-CChecks for environment pointer invalidated by previous operation (rule fully covered)PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v4991, 4992, 4993PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V4991, 4992, 4993

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[IEEE Std 1003.1:2013]XSH, System Interfaces, setenv
[ISO/IEC 9899:20112024]J.5.12, "Environment Arguments"
[MSDN]_environ, _wenviron,
getenv, _wgetenv,
_putenv_s, _wputenv_s

...