An application programming interface (API) specifies how a function is intended to be called. Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Functions that are appropriately declared (see DCL07-C. Include the appropriate type information in function declarators) will typically fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying incorrect arguments to a function will at best generate compiler warnings. These warnings should be resolved (see MSC00-C. Compile cleanly at high warning levels), but they do not prevent program compilation.

...

Noncompliant Code Example (Function Pointers)

In this example, the function pointer fp is used to refer to the function strchr(). However, fp is declared without a function prototype. As a result, there is no type checking performed on the call to fp(12,2);.

...

Code Block
#include <stdio.h>
#include <string.h>

/* fp carries a full prototype, so the compiler checks every call through it. */
char *(*fp)(const char *, int);

int main(void) {
  char *c;
  fp = strchr;
  c = fp("Hello", 'H');
  printf("%s\n", c);
  return 0;
}

...

Noncompliant Code Example (Variadic Functions)

The POSIX function open() [Open Group 04] is a variadic function with the following prototype:

Code Block
int open(const char *path, int oflag, ... );

The open() function accepts a third argument to determine a newly created file's access mode. If open() is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions (see FIO06-C. Create files with appropriate access permissions).
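The effect of the mode argument can be checked directly with fstat(). The following C code is an added example, not code from the original page or from shadow-utils; the helper names and the scratch path under /tmp are assumptions of the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Noncompliant form, kept in a comment so it is never compiled:
 *     fd = open(path, O_WRONLY | O_CREAT | O_EXCL);
 * With O_CREAT set, open() fetches the mode from its variable argument list.
 * Omitting it is undefined behavior, so the new file's permission bits are
 * unpredictable.
 */

/* Compliant form: the mode is always passed when O_CREAT is used. */
int create_private_file(const char *path) {
  return open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Return the permission bits of an open descriptor, or -1 on error. */
int permission_bits(int fd) {
  struct stat st;
  if (fstat(fd, &st) != 0) {
    return -1;
  }
  return (int)(st.st_mode & 07777);
}

/* Create a scratch file, report its permission bits, and clean up. */
int demo_created_mode(void) {
  char path[64]; /* constructed scratch path, an assumption of this example */
  int fd, bits;

  snprintf(path, sizeof path, "/tmp/open_mode_demo_%ld", (long)getpid());
  fd = create_private_file(path);
  if (fd < 0) {
    return -1;
  }
  bits = permission_bits(fd);
  close(fd);
  unlink(path);
  return bits;
}

int main(void) {
  int bits = demo_created_mode();
  if (bits < 0) { perror("demo_created_mode"); return 1; }
  printf("created with mode %04o\n", (unsigned)bits);
  return 0;
}
```

The process umask can only clear bits from the requested mode, so the result never grants group or other access.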

In this noncompliant code example from a vulnerability in the useradd() function of the shadow-utils package (CVE-2006-1174), the third argument to open() has been accidentally omitted.

...