CERT C: Rec. STR06-C

Do not assume that strtok() leaves the parse string unchanged

Since R2025a

Description

Rule Definition

Do not assume that strtok() leaves the parse string unchanged [1]

Polyspace Implementation

Polyspace® checks for the issue String passed to strtok() without copying.

Examples

Issue

This issue occurs if these conditions are true:

  • A C-string (char*) is not the destination argument of strcpy() or memcpy().

  • The same C-string is passed to the function strtok() as the string to be parsed.

That is, this issue occurs if the string that strtok() parses is not a copied string.

Risk

The function strtok() tokenizes the string to be parsed in place by using the delimiter parameter: it overwrites the delimiter that ends each token with a null character. For example, in this code, the string path is initialized to "/usr/bin:/bin:/usr/sbin:/sbin". After the call to strtok(), the string path becomes "/usr/bin":

   char path[] = "/usr/bin:/bin:/usr/sbin:/sbin";
   strtok(path, ":");

This modification to the string path can be unexpected. If you use the string in later code without accounting for the modification, the code can behave incorrectly or unexpectedly.

Fix

To fix violations of this rule, copy the strings to be parsed and pass the copied strings to the function strtok().

Example

In this example, the string str is passed to strtok() as the string to be parsed without copying the string beforehand. Polyspace reports a violation.

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

void foo()
{
	char *token;
	char *str = "apple,banana,orange,grape";
	token = strtok(str, ",");  //noncompliant
	puts(token);
}

Correction

To correct this violation, copy the string str to preserve the original value and pass the copy to strtok().

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

void foo() {
    char *token;
    const char *str = "apple,banana,orange,grape";

    // Allocate memory for the copy of the string
    char *str_copy = malloc(strlen(str) + 1);
    if (str_copy == NULL) {
        perror("Failed to allocate memory");
        exit(EXIT_FAILURE);
    }

    // Copy the string literal to the allocated memory
    strcpy(str_copy, str);

    // Use strtok on the copied string
    token = strtok(str_copy, ","); //Compliant
    puts(token);

    // Free the allocated memory
    free(str_copy);
}
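The following added example (not part of the original page or of Polyspace) shows the effect described under Risk on a writable buffer, next to a copy-based helper that leaves its input intact. The function names len_after_inplace_strtok and count_tokens_on_copy and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: tokenize buf in place with strtok() and return the
 * length strlen() reports for buf afterwards. buf must be writable
 * (an array or heap buffer, not a string literal). */
size_t len_after_inplace_strtok(char *buf, const char *delims)
{
    (void)strtok(buf, delims);  /* the first delimiter becomes '\0' */
    return strlen(buf);
}

/* Hypothetical helper: count the tokens in src without modifying it.
 * strtok() runs on a heap copy made with memcpy().
 * Returns -1 if the copy cannot be allocated. */
int count_tokens_on_copy(const char *src, const char *delims)
{
    size_t n = strlen(src) + 1;  /* include the terminator */
    char *copy = malloc(n);
    if (copy == NULL) {
        return -1;
    }
    memcpy(copy, src, n);

    int count = 0;
    for (char *tok = strtok(copy, delims); tok != NULL;
         tok = strtok(NULL, delims)) {
        count++;
    }
    free(copy);
    return count;
}

int main(void)
{
    /* Constructed sample input, same value as the path string above. */
    char path[] = "/usr/bin:/bin:/usr/sbin:/sbin";
    char same[] = "/usr/bin:/bin:/usr/sbin:/sbin";

    printf("tokens on copy: %d, original still: %s\n",
           count_tokens_on_copy(path, ":"), path);
    printf("strlen before in-place strtok: %zu\n", strlen(same));
    printf("strlen after in-place strtok: %zu (%s)\n",
           len_after_inplace_strtok(same, ":"), same);
    return 0;
}
```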

Check Information

Group: Rec. 07. Characters and Strings (STR)

Version History

Introduced in R2025a


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.