...
The omission of the `-1` terminating value means that on some architectures, the function will continue to read values from the stack until it either encounters a `-1` by coincidence, or until it is terminated.
In the following line of code from a vulnerability in an implementation of a `useradd()` function from the `shadow-utils` package, the POSIX function `open()` (which is implemented as a variadic function) is called missing an argument (CVE-2006-1174). If the stack is manipulated by an attacker, the missing argument, which controls access permissions, can be set to a value that allows an unauthorized user to read or modify data.
...
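The contract that `open()` imposes when `O_CREAT` is set, shown as an added example; this is not code from the original page or from shadow-utils. The function names, the `/tmp` sample path and the owner-only `0600` policy are assumptions made for illustration.

```c
/* Added example; file name, location and the 0600 policy are assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Non-compliant form, kept in a comment so it is never compiled:
 *     fd = open(path, O_CREAT | O_EXCL | O_WRONLY);
 * With O_CREAT, open() fetches a mode_t through va_arg. If the caller
 * passed none, the mode is whatever occupies that argument slot.
 */

/* Compliant: O_CREAT is always paired with an explicit mode. */
int create_private_file(const char *path)
{
    return open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_permissions(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Create a constructed sample file, report its mode, then clean up. */
int demo_created_mode(void)
{
    char path[64];
    int fd, perms;
    snprintf(path, sizeof path, "/tmp/dcl_open_demo_%ld", (long)getpid());
    fd = create_private_file(path);   /* O_EXCL: fails if path exists */
    if (fd < 0)
        return -1;
    perms = fd_permissions(fd);
    close(fd);
    unlink(path);
    return perms;
}

int main(void)
{
    printf("created with mode %04o\n", (unsigned)demo_created_mode());
    return 0;
}
```

The process umask can only clear bits from the requested mode, so the file is never more permissive than the value passed explicitly.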
...
an error occurs.
Another common mistake is to use more format specifiers than supplied arguments. This results in undefined behavior, which could end up pulling extra values off the stack and unintentionally exposing data. The following example illustrates a case of this:
...