Why is strtok() Considered Unsafe?

by

According with the strtok_s section of this document:

6.7.3.1 The strtok_s function The strtok_s function fixes two problems
in the strtok function:

  1. A new parameter, s1max, prevents strtok_s from storing outside of the
    string being tokenized. (The string
    being divided into tokens is both an
    input and output of the function since
    strtok_s stores null characters into
    the string.)
  2. A new parameter, ptr, eliminates the static internal state that
    prevents strtok from being re-entrant
    (Subclause 1.1.12). (The ISO/IEC 9899
    function wcstok and the ISO/IEC 9945
    (POSIX) function strtok_r fix this
    problem identically.)

More Related Contents:

  1. Do you use the TR 24731 ‘safe’ functions? [closed]
  2. Why are strlcpy and strlcat considered insecure?
  3. How does strtok() split the string into tokens in C?
  4. Using strtok() in nested loops in C?
  5. What are the differences between strtok and strsep in C
  6. Nested strtok function problem in C [duplicate]
  7. How can a Format-String vulnerability be exploited?
  8. strtok function thread safety
  9. Using strtok in c
  10. Why didn’t gcc (or glibc) implement _s functions?
  11. Why is printf with a single argument (without conversion specifiers) deprecated?
  12. Split string into tokens and save them in an array
  13. C: correct usage of strtok_r
  14. Buffer overflow works in gdb but not without it
  15. How to split a string to 2 strings in C
  16. Need to know when no data appears between two token separators using strtok()
  17. strtok segmentation fault
  18. C’s strtok() and read only string literals
  19. Why is strtok changing its input like this?
  20. Using a Single system() Call to Execute Multiple Commands in C
  21. What is the output of the following code in C? [closed]
  22. Incorrect result in c code
  23. calling main() in main() in c
  24. Realistic usage of the C99 ‘restrict’ keyword?
  25. Why is rand() not so random after fork?
  26. fcntl, lockf, which is better to use for file locking?
  27. Why does this implementation of strlen() work?
  28. How to circumvent Windows Universal CRT headers dependency on vcruntime.h
  29. Is there any overhead for using variable-length arrays?
  30. C -> sizeof string is always 8

Leave a Comment