Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Calls to conventional functions that are appropriately declared ([[DCL07-A. Include the appropriate type information in function declarators]]) will fail compilation if they supply the wrong number or types of arguments.
However, there are cases where supplying incorrect arguments to a function will only generate compiler warnings. These warnings should be resolved ([[MSC00-A. Compile cleanly at high warning levels]]), but they do not prevent program compilation.
Non-Compliant Code Example
The POSIX open() function is defined as a variadic function. Using open() to create a file but failing to provide the access permissions argument results in an unexpected value being used. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).
/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1) {
  /* Handle Error */
}
/* ... */
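A compliant counterpart to the call above, as an added example that is not part of the original page: it passes the permissions argument explicitly and then checks the mode the file actually received. The helper name `create_private_file`, the choice of owner-only permissions, and the sample file name are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the original page): create `path` for
 * writing with owner-only permissions and report the mode bits it received.
 * Returns 0 on success, -1 on error. */
static int create_private_file(const char *path, mode_t *mode_out)
{
    const mode_t requested = S_IRUSR | S_IWUSR; /* 0600 */
    struct stat st;

    /* O_CREAT makes the third argument mandatory. O_EXCL refuses to reuse
     * an existing file whose permissions were chosen by someone else. */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    if (fd == -1)
        return -1;

    /* Verify on the descriptor: the process umask can only clear bits, so
     * no permission bit outside `requested` may be set. */
    if (fstat(fd, &st) == -1 || (st.st_mode & 07777 & ~requested) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    *mode_out = st.st_mode & 07777;
    return close(fd);
}

int main(void)
{
    const char *path = "dcl_example_private.tmp"; /* constructed sample name */
    mode_t mode = 0;

    if (create_private_file(path, &mode) != 0) {
        perror("create_private_file");
        return 1;
    }
    printf("created %s with mode %04o\n", path, (unsigned)mode);
    unlink(path);
    return 0;
}
```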