Functions that take no parameters should explicitly declare a void parameter in their parameter list. This holds true during in both the declaration and definition sections (and they which should match). Many compilers today still allow implicitly declared functions, even though C99 has eliminated them.
...
In C+, the usage of foo() and foo(void) has exactly the same meaning and effect, so this rule doesn't apply to C+. However, foo(void) }} should be declared explicitly instead of {{foo() to distinguish it from foo(...), which will then take arbitrary parameters.
...
In this noncompliant code example, the caller gives a call to calls foo with a parameter specified as of 3. Because foo() is declared without the void parameter, the compiler will not perform any caller check. Due to the accidental internal implementation, the function foo() outputs the value 3, which matches the caller's expectation. In an inherited code base where foo and the caller are developed at different times, the caller will expect foo() to accept one integer as a parameter and to output the corresponding message when the parameter is changed.
...
In this compliant solution, void is specified explicitly specified as a parameter.
| Code Block | ||
|---|---|---|
| ||
/* compile using gcc4.3.3 */
void foo (void) {
int i = 3;
printf("i value: %d\n", i);
}
|
...
Another possible vulnerability is the leak of privileged information. In this noncompliant code example, suppose a user with high privileges feeds some secret input to the caller that the caller then passes to foo(). Because of the way function foo() is defined, it is easy to we might assume that there is no way for foo() to retrieve information from the caller. However, because the value of i is really passed into a stack (before the return address of the caller), a malicious programmer can change the internal implementation and copy the value manually into a less privileged file.
...