The POSIX function putenv() is used to set environment variable values. The putenv() function does not create a copy of the string supplied to it as a parameter, rather it inserts a pointer to the string into the environment array. If an automatic variable is supplied as a parameter to putenv(), the memory allocated for that variable may be overwritten when the containing function returns and stack memory is recycled. This behavior is noted in the Open Group Base Specifications Issue 6 [[Open Group 04]]:
A potential error is to call
putenv()with an automatic variable as the argument, then return from the calling function while string is still part of the environment.
Note that this behavior violates rule DCL30-C. Do not refer to an object outside of its lifetime.
Non-Compliant Code Example
In this example, an automatic variable is supplied as an argument to putenv(). When that environment variable is retrieved using getenv(), it may have an unexpected value.
int func() {
char env10;
strcpy(env,"VAR=1");
putenv(env);
return 1;
}
int main (int argc, char* argv[]) {
char *var;
func();
/* ... */
var = getenv("VAR");
}