Wiki Markup
Non-Compliant Code Example
...
(
...
Function Pointers)
In this example, the function pointer fp is used to refer to the function strchr(). However, fp is declared without a function prototype. As a result, there is no type checking performed on the call to fp(12,2);.
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
#include <string.h>
char *(*fp) ();
int main(void) {
char *c;
fp = strchr;
c = fp(12, 2);
printf("%s\n", c);
}
|
Compliant Solution
...
(
...
Function Pointers)
Declaring fp with a function prototype corrects this example.
| Code Block | ||
|---|---|---|
| ||
#include <string.h>
char *(*fp) (char const *, int);
int main(void) {
char *c;
fp = strchr;
c = fp("Hello",'H');
printf("%s\n", c);
}
|
Non-Compliant Code Example
...
(
...
Variadic Functions)
| Wiki Markup |
|---|
The POSIX function {{open()}} \[[Open Group 04|AA. C References#Open Group 04]\] is a variadic function with the following prototype: |
| Code Block |
|---|
int open(char const *path, int oflag, ... ); |
...
The {{open()}} function accepts a third argument to determine a newly created file's access mode. If {{open()}} is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions \[[permissions (see FIO06-A. Create files with appropriate access permissions]\]).
In this non-compliant code example from a vulnerability in the useradd() function of the shadow-utils package CVE-2006-1174 , the third argument to open() has been accidentally omitted.
| Code Block | ||
|---|---|---|
| ||
fd = open(ms, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC); |
Compliant Solution
...
(
...
Variadic Functions)
To correct this example, a third argument is specified in the call to open().
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Forward, and Section 6.9.1, "Function definitions" \[[Spinellis 06|AA. C References#Spinellis 06]\] Section 2.6.1, "Incorrect Routine or Arguments" |
...