...
Inconsistent typing in variadic functions can result in abnormal program termination or unintended information disclosure.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL11-C | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Compass/ROSE | | | Does not currently detect violations of this recommendation. Although the recommendation in general cannot be automated, because of the difficulty in enforcing contracts between a variadic function and its invokers, it would be fairly easy to enforce type correctness on arguments to the |
 | | CC2.DCL11 | Partially implemented |
GCC | | | Warns about inconsistently typed arguments to formatted output functions when the |
Klocwork | | MISRA.FUNC.VARARG | |
LDRA tool suite | | 41 S, 589 S | Partially implemented |
Parasoft Insure++ | | | Runtime |
Polyspace Bug Finder | R2016a | Format string specifiers and arguments mismatch | String specifiers do not match corresponding arguments |
PRQA QA-C | | 0179 (U) | Partially implemented |
PVS-Studio | 6.22 | V576 | General analysis rule |
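The following is an added example, not code from the CERT page, showing two ways to make a variadic function's type contract checkable so that the mismatches behind this risk are caught before run time. The names `arg_tag`, `ARG`, `sum_tagged` and `log_fmt` are hypothetical; the `format` attribute and `-Wformat` are GCC/Clang features.

```c
#include <stdarg.h>
#include <stdio.h>
/* Hypothetical tags: each variadic value is preceded by a tag naming its type. */
enum arg_tag { ARG_END = 0, ARG_INT, ARG_LONG_LONG, ARG_DOUBLE };
/* C11 _Generic derives each tag from the argument's own type at compile time. */
#define ARG(x) _Generic((x), int: ARG_INT, long long: ARG_LONG_LONG, \
                             double: ARG_DOUBLE), (x)

/* Sums tagged values into *out. Returns 0, or -1 on an unknown tag. */
int sum_tagged(double *out, ...)
{
    va_list ap;
    double total = 0.0;
    int tag, rc = 0;
    va_start(ap, out);
    while (rc == 0 && (tag = va_arg(ap, int)) != ARG_END) {  /* tags are int */
        switch (tag) {
        case ARG_INT:       total += va_arg(ap, int);               break;
        case ARG_LONG_LONG: total += (double)va_arg(ap, long long); break;
        case ARG_DOUBLE:    total += va_arg(ap, double);            break;
        default:            rc = -1;  /* next argument's type is unknown */
        }
    }
    va_end(ap);
    if (rc == 0) *out = total;
    return rc;
}

/* printf-style wrapper; the format attribute lets -Wformat check its callers. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
int log_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    double sum = 0.0;
    char buf[32];
    if (sum_tagged(&sum, ARG(1), ARG(2.5), ARG(3LL), ARG_END) != 0) return 1;
    log_fmt(buf, sizeof buf, "sum=%.1f", sum);
    puts(buf);
    return 0;
}
```

With the attribute in place, a call such as `log_fmt(buf, sizeof buf, "%s", 42)` is diagnosed at compile time, and passing `ARG()` a type that has no tag fails to compile instead of being misread by `va_arg`.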
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
Related Guidelines
ISO/IEC TR 24772:2013 | Type System [IHN]; Subprogram Signature Mismatch [OTR] |
MISRA C:2012 | Rule 17.1 (required) |
...
...