...
The variable arguments to a variadic function are not checked for type by the compiler. So, the programmer is responsible for ensuring that they are compatible with the corresponding parameter after the default argument promotions:
...
| Code Block | ||
|---|---|---|
| ||
const char *error_msg = ""Error occurred"";; /* ... */ printf(""%s:%d"", 15, error_msg); |
Compliant Solution (Type Interpretation Error)
...
| Code Block | ||
|---|---|---|
| ||
const char *error_msg = ""Error occurred"";; /* ... */ printf(""%d:%s"", 15, error_msg); |
As shown, care must be taken to ensure that the arguments passed to a format string function match up with the supplied format string.
...
| Code Block | ||
|---|---|---|
| ||
long long a = 1; const char msg[] = ""Default message"";; /* ... */ printf(""%d %s"", a, msg); |
Because a long long was not interpreted, if the long long uses more bytes for storage, the subsequent format specifier %s is unexpectedly offset, causing unknown data to be used instead of the pointer to the message.
...
| Code Block | ||
|---|---|---|
| ||
long long a = 1; const char msg[] = ""Default message"";; /* ... */ printf(""%lld %s"", a, msg); |
Risk Assessment
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as DCL11-CPP. Ensure type consistency when using variadic functions.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.5.2.2, ""Function calls,"" and Section 7.15, ""Variable arguments"" \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""IHN Type system"" and ""OTR Subprogram Signature Mismatch"" \[[MISRA 04|AA. C References#MISRA 04]\] Rule 16.1 |
...
02. Declarations and Initialization (DCL)