CVE-2026-45541: Strtok Unchecked Do While
The result of `strtok` or `strtok_r` is used as an iterator in a `do-while` loop without a prior `NULL` check. If the input string consists entirely of delimiters, the tokenizer will return `NULL`, causing a `NULL` pointer dereference on the first loop iteration. Use a `while` loop or add a `NULL` check prior to the `do-while` block.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
Cβ
Cβgreprules fetch cve-2026-45541-strtok-unchecked-do-while --engine opengrepDescription
The result of `strtok` or `strtok_r` is used as an iterator in a `do-while` loop without a prior `NULL` check. If the input string consists entirely of delimiters, the tokenizer will return `NULL`, causing a `NULL` pointer dereference on the first loop iteration. Use a `while` loop or add a `NULL` check prior to the `do-while` block.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0