SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 135

changes.mady.by.user Caden Milne

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Finally, subclause 7.26.6.3, paragraph 4 [ISO/IEC 9899:2024], states

The strerror function returns a pointer to the string, the contents of which are locale-specific. The array pointed to shall not be modified by the program. The behavior is undefined if the returned value is used after a subsequent call to the strerror function, or after the thread which called the function to obtain the returned value has exited.

...

Modifying the object pointed to by the return value of getenv(), setlocale(), localeconv(), asctime(), or strerror() is undefined behavior. Even if the modification succeeds, the modified object can be overwritten by a subsequent call to the same function.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

ENV30-C

Low

Probable

No

MediumNo

P4P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
stdlib-const-pointer-assignPartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ENV30
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.GETENV
LANG.STRUCT.RPNTC

Use of getenv
Returned Pointer Not Treated as const

Compass/ROSE

Can detect violations of this rule. In particular, it ensures that the result of getenv() is stored in a const variable

Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-env30-cFully implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1492, C1493, C1494

DF4751, DF4752, DF4753


Klocwork
Include Page
Klocwork_V
Klocwork_V

MISRA.STDLIB.CTYPE.RANGE.2012_AMD1
MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1
MISRA.STDLIB.ILLEGAL_WRITE.2012_AMD1


LDRA tool suite
Include Page
LDRA_V
LDRA_V
107 DPartially Implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-ENV30-a

The pointers returned by the Standard Library functions 'localeconv', 'getenv', 'setlocale' or, 'strerror' shall only be used as if they have pointer to const-qualified type

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ENV30-C


Checks for modification of internal buffer returned from nonreentrant standard function (rule fully covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V675
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

stdlib-const-pointer-assignPartially checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

C27
C28
C29

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...