...

Noncompliant Code Example

#include <stdio.h>

const char *error_msg = "Resource not available to user.";
/* ... */
/* The format string names two conversions but only one argument is passed */
printf("Error (%s): %s", error_msg);

This causes printf to read an argument that was never supplied, potentially leaking information about the process.

...

Compliant Solution

#include <stdio.h>

const char *error_msg = "Resource not available to user.";
/* ... */
/* One conversion, one argument: the format string matches the argument list */
printf("Error: %s", error_msg);
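
As an added example, not part of the CERT rule text, the following hypothetical checker counts how many arguments a printf-style format string will consume (handling "%%", '*' width or precision, and length modifiers) and a wrapper refuses to forward a call whose supplied argument count does not match; both the function names and the idea of passing the count explicitly are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-style format string consumes: one per
 * conversion specification, plus one for every '*' width or precision;
 * "%%" consumes none. Returns -1 on a malformed specification
 * (a '%' with no conversion character). */
int format_arg_count(const char *fmt) {
    int count = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '\0') return -1;
        if (*p == '%') continue;            /* literal percent sign */
        /* flags, width and precision; '*' pulls an extra int argument */
        while (*p != '\0' && strchr("-+ #0123456789.*", *p) != NULL) {
            if (*p == '*') count++;
            p++;
        }
        /* length modifiers do not consume arguments */
        while (*p == 'h' || *p == 'l' || *p == 'j' || *p == 'z' ||
               *p == 't' || *p == 'L') {
            p++;
        }
        if (*p == '\0') return -1;
        count++;                            /* the conversion itself */
    }
    return count;
}

/* Forward to vprintf only when the caller-declared number of variadic
 * arguments (nargs) equals what the format string will consume.
 * Returns 1 if the contract held and the output was written, 0 otherwise. */
int checked_printf(int nargs, const char *fmt, ...) {
    if (format_arg_count(fmt) != nargs) return 0;
    va_list ap;
    va_start(ap, fmt);
    vprintf(fmt, ap);
    va_end(ap);
    return 1;
}
```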

Argument List Caveats

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL10-CPP. Maintain the contract between the writer and caller of variadic functions.


...
