While rule DCL50-CPP. Do not define a C-style variadic function forbids creation of such functions, they may still be defined when that function has external, C language linkage. Under these circumstances, care must be taken when invoking the va_start() macro. The C standard library macro va_start() imposes several semantic restrictions on the type of the value of its second parameter. The C Standard, subclause 7.16.1.4, paragraph 4 [ISO/IEC 9899:2011], states:
...
- You must not pass a reference as the second argument to
va_start(). - Passing an object of a class type which has a nontrivial copy constructor, nontrivial move constructor, or nontrivial destructor as the second argument to
va_startis conditionally supported with implementation-defined semantics ([expr.call] paragraph 7). - You may pass a parameter declared with the
registerkeyword ([dcl.stc] paragraph 3) or a parameter with a function type.
Passing an object of array type still produces undefined behavior in C++ because an array type as a function parameter requires use of a reference, which is prohibited. Additionally, passing an object of a type that undergoes default argument promotions still produces undefined behavior in C++ as well.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Clang |
| -Wvarargs | Does not catch the violation in the third noncompliant code example (it is conditionally supported by Clang) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...