SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 81

changes.mady.by.user Astha Singhal

Saved on

compared with

New Version 82

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An application programming interface (API) specifies how a function is intended to be called. Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Functions that are appropriately declared (as in recommendation DCL07-C. Include the appropriate type information in function declarators) will typically fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will at best generate compiler warnings. These warnings should be resolved but do not prevent program compilation.(See recommendation MSC00-C. Compile cleanly at high warning levels.)

...

Code Block
bgColor#FFCCCC
langc

#include <stdio.h>
#include <string.h>

char *(*fp) ();

int main(void) {
  char *c;
  fp = strchr;
  c = fp(12, 2);
  printf("%s\n", c);
  return 0;
}

...

Code Block
bgColor#ccccff
langc

#include <string.h>

char *(*fp) (const char *, int);

int main(void) {
  char *c;
  fp = strchr;
  c = fp("Hello",'H');
  printf("%s\n", c);
  return 0;
}

...

The POSIX function open() [Open Group 2004] is a variadic function with the following prototype:

Code Block

int open(const char *path, int oflag, ... );

The open() function accepts a third argument to determine a newly created file's access mode. If open() is used to create a new file, and the third argument is omitted, the file may be created with unintended access permissions. (See recommendation FIO06-C. Create files with appropriate access permissions.)

...

Code Block
bgColor#ffcccc
langc

fd = open(ms, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC);

...

Code Block
bgColor#ccccff
langc

/* ... */
fd = open(ms, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC, file_access_permissions);
if (fd == -1){
  /* Handle error */
}
/* ... */

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP37-C

medium

probable

high

P4

L3

Automated Detection

sectioncan

Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier.

section

can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT.

LDRA tool suite

41 D
98 S
170 S
496 S

Partially Implemented implemented
ToolVersionCheckerDescription
GCC
Include Page
GCC_V
GCC_V
 
Section
Compass/ROSE  
Section
Section
Include Page
LDRA_V
LDRA_V
Section
Section

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: EXP37-CPP. Call variadic functions with the arguments intended by the API

ISO/IEC 9899:19992011 Forward and Section 6.9.1, "Function definitions"

ISO/IEC TR 17961 (Draft) Calling functions with incorrect arguments [argcomp]

ISO/IEC TR 24772 "OTR Subprogram Signature Mismatch"

...