CXX.STDLIB.ILLEGAL_REUSE

The CXX.STDLIB.ILLEGAL_REUSE checker reports a defect when code tries to modify a pointer returned by calling asctime(), ctime(), gmtime(), localtime(), localeconv(), getenv(), setlocale(), or strerror().

Vulnerability and risk

A second call to the above-mentioned functions may overwrite the object pointed to by the returned pointer.

Mitigation and prevention

If you want to safely reference it later, always copy and store the string into a buffer before a making a second call.

Vulnerable code example

Copy
  void func1(void) {
    char *temp1;
    char *temp2;
    temp1 = getenv("TEMP1");
    printf("temp1 is %s\n", temp1);
    temp2 = getenv("TEMP2");
    printf("temp1 is %s\n", temp1);  /* REPORT DEFECT HERE */
    printf("temp2 is %s\n", temp2);
    int v = strcmp(temp1, temp2);    /* REPORT DEFECT HERE */
 }

In this example, Klocwork reports a defect on lines 7 and 9 because temp1 can be overwritten as a subsequent call is made to getenv().

Fixed code example

Copy
   void func2(void) {
     char *temp1;
     char *temp2;
     const char *temp = getenv("TEMP1");
     temp1 = (char *)malloc(strlen(temp)+1);
     printf("temp1 is %s\n", temp1);
     strcpy(temp1, temp);
     temp = getenv("TEMP2");
     temp2 = (char *)malloc(strlen(temp)+1);
    printf("temp1 is %s\n", temp1);
    printf("temp2 is %s\n", temp2);
    int v = strcmp(temp1, temp2);
  }

In the fixed example, the code copies the string temp1 that is returned by getenv() into a buffer so that the copy can be referenced later.

Related checkers

  • MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1