CERT-ENV30-C
In this section:
Synopsis
Do not modify the object referenced by the return value of certain functions.
Enabled by default
Yes
Severity/Certainty
Low/Medium
Full description
Some functions return a pointer to an object that cannot be modified without causing undefined behavior. These functions include getenv(), setlocale(), localeconv(), asctime(), and strerror(). In such cases, the function call results must be treated as being const-qualified.
Coding standards
- CERT ENV30-C
Do not modify the object referenced by the return value of certain functions
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void example(void) {
char *s = getenv("MY_VAR");
*s = 'A';
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
#include <string.h>
void example(void) {
char *str = getenv("MY_VAR");
char *copy_of_str = (char *)malloc(strlen(str) + 1);
*copy_of_str = 'A';
}