================ @@ -755,6 +755,75 @@ security Security related checkers. +.. _security-cert-env-InvalidPtr: + +security.cert.env.InvalidPtr +"""""""""""""""""""""""""""""""""" + +Corresponds to SEI CERT Rules ENV31-C and ENV34-C. + +ENV31-C: +Rule is about the possible problem with `main` function's third argument, environment pointer, +"envp". When environment array is modified using some modification function +such as putenv, setenv or others, It may happen that memory is reallocated, +however "envp" is not updated to reflect the changes and points to old memory +region. + +ENV34-C: +Some functions return a pointer to a statically allocated buffer. +Consequently, subsequent call of these functions will invalidate previous +pointer. These functions include: getenv, localeconv, asctime, setlocale, strerror ---------------- whisperity wrote:
I know you only moved the source of the documentation here, but will these render nicely? Currently the "alpha" version looks like this:

I'm mainly used to Tidy documentation, so take this with a generous pinch of salt, but... Perhaps we should ensure the function names are monospace, that the "header" for `ENV31-C` and `ENV34-C` are more highlighted. Maybe they can be parts of a bulleted list, even, instead of just two separate paragraphs?

https://github.com/llvm/llvm-project/pull/71912
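Review bot: in the ENV31-C paragraph, `main` is in single backticks, which reStructuredText treats as interpreted text in the default role rather than as an inline literal, and "envp", putenv, setenv and the ENV34-C list (getenv, localeconv, asctime, setlocale, strerror) carry no markup at all; use double backticks for every identifier, e.g. ``main``, ``envp``, ``putenv``. The "ENV31-C:" and "ENV34-C:" labels are followed directly by their text with no blank line or markup, so each will be folded into the paragraph that follows it; bold list items or definition-list terms would set them apart. In the same paragraph, lower-case "It" in "or others, It may happen", and replace "such as putenv, setenv or others" with the functions the checker actually treats as modifying the environment, so a reader can tell which calls invalidate "envp".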