...
Noncompliant Code Example (NULL
)
Because the The C Standard allows Standard allows NULL to be either an integer constant or a pointer constant, any architecture in which int
is not the same size as a pointer might present a particular vulnerability with variadic functions. If NULL
is defined as an int
on such a platform, then . While passing NULL as an argument to a function with a fixed number of arguments will cause NULL to be cast to the appropriate pointer type, when it is passed as a variadic argument, this will not happen if sizeof(NULL) != sizeof(void *)
, so variadic functions that accept an argument of pointer type will not correctly promote NULL
to the correct size. Consequently.
This is possible for several reasons:
- Pointers and ints may have different sizes on a platform where NULL is an integer constant
- The platform may have different pointer types with different sizes on a platform. In that case, if NULL is a void pointer, it is the same size as a pointer to char (C11 section 6.2.5, paragraph 28), which might be sized differently than the required pointer type.
On either such platform, the following code will have have undefined behavior:
Code Block | ||||
---|---|---|---|---|
| ||||
char* string = NULL; printf("%s %d\n", string, 1); |
...
Tool | Version | Checker | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC-DCL11 | |||||||||||||
CodeSonar |
| LANG.STRUCT.ELLIPSIS | Ellipsis | ||||||||||||
Compass/ROSE | Does not currently detect violations of this recommendation. Although the recommendation in general cannot be automated, because of the difficulty in enforcing contracts between a variadic function and its invokers, it would be fairly easy to enforce type correctness on arguments to the | ||||||||||||||
| CC2.DCL11 | Partially implemented | |||||||||||||
GCC |
| Warns about inconsistently typed arguments to formatted output functions when the | |||||||||||||
Helix QAC |
| C0179, C0184, C0185, C0186, C0190, C0191, C0192, C0193, C0194, C0195, C0196, C0197, C0198, C0199, C0200, C0201, C0206, C0207, C0208 | |||||||||||||
Klocwork |
| MISRA.FUNC.VARARG SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED SV.FMT_STR.PRINT_IMPROP_LENGTH SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY SV.FMT_STR.UNKWN_FORMAT.SCAN | |||||||||||||
LDRA tool suite |
| 41 S, 589 S | Partially implemented | ||||||||||||
Parasoft | InsureC/C++ | Runtime analysis | |||||||||||||
Polyspace Bug Finder | R2016a | Format string specifiers and arguments mismatch | String specifiers do not match corresponding arguments | ||||||||||||
test |
| CERT_C-DCL11-a |
| ||||||||||||
Parasoft Insure++ | Runtime analysis | ||||||||||||||
PC-lint Plus |
| 175, 559, 2408 | Assistance provided: reports issues involving format strings | ||||||||||||
Polyspace Bug Finder |
| Checks for format string specifiers and arguments mismatch (rec. partially covered) | PRQA QA-C | ||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 0179 (U) | Partially implemented | |||||||||||
PVS-Studio |
| V576 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
...