SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 82

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 83

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ToolVersionCheckerDescription
GCC
Include Page
GCC_V
GCC_V
 

Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier.

Compass/ROSE  

can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT.

LDRA tool suite

Include Page
LDRA_V
LDRA_V

41 D
98 S
170 S
496 S

Partially implemented.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: EXP37-CPP. Call variadic functions with the arguments intended by the API

ISO/IEC 9899:2011 Forward  Forward and Section 6.9.1, "Function definitions"

...

ISO/IEC TR 24772 "OTR Subprogram Signature Mismatchsignature mismatch"

MISRA Rule 16.6

MITRE CWE: CWE-628, "Function Call with Incorrectly Specified Argumentscall with incorrectly specified arguments"

Bibliography

[CVE] CVE-2006-1174
[Spinellis 2006] Section 2.6.1, "Incorrect Routine routine or Argumentsarguments"

...