...
| Wiki Markup |
|---|
In the following code example, the variadic function {{average()}} is used to determine the average value of its passed integer arguments \[[Seacord 05c|AA. C References#Seacord 05c]\]. The function stops processingprocesses arguments whenuntil it seesfinds one thatwith thea argumentvalue isof {{\-1}}. |
| Code Block |
|---|
int average(int first, ...) {
size_t count = 0;
int sum = 0;
int i = first;
va_list marker;
va_start(marker, first);
while (i != -1) {
sum += i;
count++;
i = va_arg(marker, int);
}
va_end(marker);
return(count ? (sum / count) : 0);
}
|
Note that va_start() must always be called to initialize the argument list and va_end() must always be called when finished with a variable argument list.
...
In the following line of code , which is an actual vulnerability in an from a vulnerabilityin an implementation of a useradd() function from the shadow-utils package, the POSIX function open() (which is implemented as a variadic function) is called missing an argument CVE-2006-1174 . If the stack is maliciously manipulated by an attacker, the missing argument, which controls access permissions, could can be set to a value that allows for an unauthorized user to read or modify data.
...