...
Noncompliant Code Example (NULL)
The C Standard allows NULL to be either an integer constant or a pointer constant, so any architecture in which int is not the same size as a pointer might present a particular vulnerability with variadic functions. If NULL is defined as an int on such a platform, variadic functions that accept an argument of pointer type will not correctly promote NULL to the correct size. While passing NULL as an argument to a function with a fixed number of arguments will cause NULL to be cast to the appropriate pointer type, when it is passed as a variadic argument, this will not happen if sizeof(NULL) != sizeof(void *).
This is possible for several reasons:
- Pointers and ints may have different sizes on a platform where NULL is an integer constant.
- The platform may have different pointer types with different sizes. In that case, if NULL is a void pointer, it is the same size as a pointer to char (C11 section 6.2.5, paragraph 28), which might be sized differently than the required pointer type.
On either such platform, the following code will have undefined behavior:
```c
char* string = NULL;
printf("%s %d\n", string, 1);
```
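The size mismatch described above matters most for variadic functions that end their argument list with a null pointer. The following is an added example, not code from the original page: total_length() and null_is_pointer_sized() are hypothetical helpers, and the sentinel is cast to the exact pointer type the callee reads with va_arg.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: sums the lengths of a list of strings.
 * Contract: the list must end with a null pointer of type char *. */
static size_t total_length(const char *first, ...)
{
    size_t total = 0;
    va_list ap;

    va_start(ap, first);
    /* Each variadic argument is read back as a char *, so the caller
     * must have passed an object of exactly that type. */
    for (const char *s = first; s != NULL; s = va_arg(ap, char *)) {
        total += strlen(s);
    }
    va_end(ap);
    return total;
}

/* Reports whether a bare NULL occupies the same space as the pointer
 * that va_arg(ap, char *) reads back on this platform. */
static int null_is_pointer_sized(void)
{
    return sizeof(NULL) == sizeof(char *);
}

int main(void)
{
    /* Noncompliant form (shown only as a comment, not executed):
     *     total_length("ab", "cde", NULL);
     * If NULL expands to the integer constant 0, an int is passed
     * where va_arg expects a char *. */

    /* The cast makes the sentinel a char * whatever NULL expands to. */
    size_t n = total_length("ab", "cde", (char *)NULL);

    printf("total length: %zu\n", n);
    printf("sizeof(NULL) == sizeof(char *): %d\n", null_is_pointer_sized());
    return 0;
}
```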
...
Tool | Version | Checker | Description
---|---|---|---
Axivion Bauhaus Suite | | CertC-DCL11 |
CodeSonar | | LANG.STRUCT.ELLIPSIS | Ellipsis
Compass/ROSE | | | Does not currently detect violations of this recommendation. Although the recommendation in general cannot be automated, because of the difficulty in enforcing contracts between a variadic function and its invokers, it would be fairly easy to enforce type correctness on arguments to the
 | | CC2.DCL11 | Partially implemented
GCC | | | Warns about inconsistently typed arguments to formatted output functions when the
Helix QAC | | C0179, C0184, C0185, C0186, C0190, C0191, C0192, C0193, C0194, C0195, C0196, C0197, C0198, C0199, C0200, C0201, C0206, C0207, C0208 |
Klocwork | | MISRA.FUNC.VARARG, SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD, SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED, SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD, SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED, SV.FMT_STR.PRINT_IMPROP_LENGTH, SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW, SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY, SV.FMT_STR.UNKWN_FORMAT.SCAN |
LDRA tool suite | | 41 S, 589 S | Partially implemented
Polyspace Bug Finder | R2016a | Format string specifiers and arguments mismatch | String specifiers do not match corresponding arguments
C/C++test | | CERT_C-DCL11-a |
Parasoft Insure++ | | | Runtime analysis
PC-lint Plus | | 175, 559, 2408 | Assistance provided: reports issues involving format strings
Polyspace Bug Finder | | | Checks for format string specifiers and arguments mismatch (rec. partially covered)
PRQA QA-C | | 0179 (U) | Partially implemented
PVS-Studio | 6.22 | V576 | General analysis rule
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
...