Main Content

MISRA C:2012 Rule 21.19

The pointers returned by the Standard Library functions localeconv, getenv, setlocale or strerror shall only be used as if they have pointer to const-qualified type

expand all in page

Description

Rule Definition

The pointers returned by the Standard Library functions localeconv, getenv, setlocale or strerror shall only be used as if they have pointer to const-qualified type.

This rule comes from MISRA C™: 2012 Amendment 1.

Rationale

The C99 Standard states that if the program modifies the structure pointed to by the value returned by localeconv, or the strings returned by getenv, setlocale or strerro, undefined behavior occurs. Treating the pointers returned by the various functions as if they were const-qualified allows an analysis tool to detect any attempt to modify an object through one of the pointers. Assigning the return values of the functions to const-qualified pointers results in the compiler issuing a diagnostic if an attempt is made to modify an object.

Polyspace Implementation

Polyspace® reports a violation of this rule if you assign the output of these functions to a non-const pointer:

  • localeconv,

  • getenv,

  • setlocale,

  • strerror

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

#include <locale.h>
#include <string.h>

void f1(void)
{
    char* s1 = setlocale(LC_ALL, 0);    /* Non-compliant */
    struct lconv* conv = localeconv();  /* Non-compliant */
    s1[ 1 ] = 'A'; /* Non-compliant. Undefined behavior */
    conv->decimal_point = "^"; /* Non-compliant. Undefined behavior */
}

void f2(void)
{
    char str[128];
    (void) strcpy(str, setlocale(LC_ALL, 0));     /* Compliant */
    const struct lconv* conv = localeconv();      /* Compliant */
    conv->decimal_point = "^";                    /* Non-compliant. Constraint violation */
}

void f3(void)
{
    const struct lconv* conv = localeconv();  /* Compliant */
    conv->grouping[ 2 ] = 'x';                /* Non-compliant */
}

In the above example:

  • The usage of setlocale and localeconv in the function f1 are non-compliant as the returned pointers are assigned to non-const—qualified pointers.

    Note

    The usage of setlocale and localeconv above are not constraint violations and will therefore not be reported by a compiler. However, an analysis tool will be able to report a violation.

  • The usage of setlocale in the function f2 is compliant as strcpy takes a const char * as its second parameter. The usage of localeconv in the function f2 is compliant as the returned pointers are assigned to a const-qualified pointer. Any attempt to modify an object through a pointer will be reported by a compiler or analysis tool as this is a constraint violation.

  • The usage of a const-qualified pointer in the function f3 gives compile time protection of the value returned by localeconv but the same is not true for the strings it references. Modification of these strings can be detected by an analysis tool.

Check Information

Group: Standard libraries
Category: Mandatory
AGC Category: Mandatory

Version History

Introduced in R2017a

expand all

See Also

| | |

Topics