CXX.STDLIB.ILLEGAL_WRITE

The CXX.STDLIB.ILLEGAL_WRITE checker reports a defect when pointers returned by getenv(), setlocale(), localeconv(), asctime(), or strerror() are not constant qualified pointers.

Vulnerability and risk

When objects pointed to by a call to the above functions are modified by the program, it can result in undefined behavior. Compilers do not report this issue because there is not a constraint violation.

Mitigation and prevention

The pointers returned by getenv(), setlocale(), localeconv(), asctime(), or strerror() should be assigned to constant qualified pointers. The compiler or analysis tool will report an issue if the code tries to modify the pointer assigned to a constant qualified pointer.

Vulnerable code example

1
2
3
4
5
6
7
  void f()
  {
      char *s = setlocale( LC_ALL, 0 );      /*  Non-compliant  */
      struct lconv *t = localeconv();        /*  Non-compliant  */
      s[1] = 'A';                            /*  Undefined Behavior  */
      t->decimal_point = "^";                /*  Undefined Behavior  */
  }

In this example, the code does not assign returned pointers to const qualified pointers.

Fixed code example

1
2
3
4
5
6
7
  void f()
  {
      char s [64];
      char *t = setlocale( LC_ALL, 0 );
      (void) strcpy( s, t );                        /*  Compliant  */
      (void) strcpy( s, setlocale( LC_ALL, 0 ) );   /*  Compliant  */
  }

In this fixed example, the pointers returned by calling setlocale() are assigned to const qualified pointers. The second parameter of strcpy() takes constant char *.

Related checkers

• MISRA.STDLIB.ILLEGAL_WRITE.2012_AMD1

External guidance

• CERT ENV30-C: Do not modify the object referenced by the return value of certain functions