...
Failure to declare a void parameter list results in an ambiguous functional interface between the caller and callee, and can even lead to sensitive information outflow.
There is a similar rule that deals with parameter type in a more general sense: DCL07-C. Include the appropriate type information in function declarators
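An added example, not part of the original rule text: before C23, the compiler itself treats a `()` declarator as compatible with a one-argument interface, which is the caller/callee ambiguity described above, while the `(void)` form is not. The names `read_config`, `read_status` and `ACCEPTS_INT_ARG` are hypothetical, and the two functions are only declared, as they would be in a header.

```c
#include <stdio.h>

/* C23 redefined "()" to mean "(void)"; earlier standards leave the
   parameter list unspecified. Draft-C23 modes report 202000L. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ > 201710L
#define EMPTY_PARENS_IS_VOID 1
#else
#define EMPTY_PARENS_IS_VOID 0
#endif

/* Hypothetical header declarations; definitions live in another file. */
int read_config();     /* noncompliant: parameter list left unspecified */
int read_status(void); /* compliant: explicitly takes no arguments */

/* Evaluates to 1 when the compiler considers fn's type compatible with
   "function taking one int", i.e. the declaration can stand in for an
   int(int) interface. The operand of _Generic is not evaluated, so
   nothing is called and no definition is needed to link. */
#define ACCEPTS_INT_ARG(fn) _Generic(&(fn), int (*)(int): 1, default: 0)

int config_accepts_int(void) { return ACCEPTS_INT_ARG(read_config); }
int status_accepts_int(void) { return ACCEPTS_INT_ARG(read_status); }

int main(void) {
    printf("empty parens mean void in this mode: %d\n", EMPTY_PARENS_IS_VOID);
    printf("read_config()     usable as int(int): %d\n", config_accepts_int());
    printf("read_status(void) usable as int(int): %d\n", status_accepts_int());
    return 0;
}
```

In pre-C23 modes, building with `-Wstrict-prototypes` (GCC and Clang) reports the `read_config()` declaration.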
Noncompliant Code Example (ambiguous interface)
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL20-C | medium | probable | low | P12 | L1 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
In C++, foo() and foo(void) have exactly the same meaning and effect, so this rule doesn't apply to C++.
However, it is still recommended to explicitly declare foo(void) instead of foo() to distinguish it from foo(...), which takes arbitrary parameters.
...