...
In this example, the function pointer `fp` is used to refer to the function `strchr()`. However, `fp` is declared without a function prototype. As a result, there is no type checking performed on the call to `fp(12,2);`.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP37-C | medium | probable | high | P4 | L3 |
Automated Detection
GCC can detect violations of this rule when the `-Wstrict-prototypes` flag is used. However, it cannot detect violations involving variadic functions, such as the `open()` example above.
Compass/ROSE could specifically detect the violations in these examples when it can determine at compile time which function a function pointer points to. It can then match the call's arguments against the function's expected parameters. If a pointer points to a function that cannot be determined at compile time, ROSE probably will not be able to validate its parameters either. It can detect the `open()` example by ensuring that all calls to `open()` supply a third argument.
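As an added example (not code from the CERT page), the unprototyped `fp` declaration discussed above is shown beside its prototyped form, which lets the compiler diagnose `fp(12, 2)`, together with a non-variadic wrapper for the `open()` case that `-Wstrict-prototypes` cannot check; it assumes a POSIX `open()`.

```c
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Noncompliant (the rule's example): an old-style declaration with empty
 * parentheses,
 *     char *(*fp)();
 * lets fp(12, 2) compile and passes two ints where strchr expects a
 * pointer and an int.  Compliant: give the pointer strchr's full prototype. */
static char *(*fp)(const char *, int) = strchr;

/* Returns the index of c in s, or -1 when absent. Every call through fp is
 * now checked against the prototype above. */
int find_offset(const char *s, int c) {
    const char *p = fp(s, c);
    return p ? (int)(p - s) : -1;
}

#ifdef SHOW_REJECTED_CALL
/* Build with -DSHOW_REJECTED_CALL to see the compiler diagnose this call:
 * with the prototype in place, 12 is not a valid const char * argument. */
static void bad_call(void) { fp(12, 2); }
#endif

/* open() is variadic, so no prototype can force the mode argument that
 * O_CREAT requires, and -Wstrict-prototypes stays silent.  Routing file
 * creation through a non-variadic wrapper makes the mode mandatory at
 * every call site. */
int open_create(const char *path, int flags, mode_t mode) {
    return open(path, flags | O_CREAT, mode);
}
```

Compiling with `-Wstrict-prototypes -Werror` rejects the old-style declaration outright; the `open_create` wrapper covers the variadic case the flag cannot see.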
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...