If a function is implicitly declared and it is not given enough arguments it will still pop the expected number from the stack. This could cause the program to crash.
The function could also be given too many arguments which can cause a buffer overflow.
Non compliant code
function(1, 2);
...
void function(int one, int two, int three){
printf("args %d %d $d, one, two, three);
}
Solution: Use function prototypes at the top of .c file or in a .h file so that a compiler error will occur if an incorrect number of arguments are used.
Compliant code
void function(int one, int two, int three); //at top of file or in .h file ... function(1,2) //compiler error
Also using a compiler setting that checks for implicity declared function will prevent accidentally calling a function before it is declared.
gcc 3.4.6 for example will not allow the non compliant code above.
Risk Assesment
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DRAFT |
3 (high) |
3 (likely) |
2 (medium) |
P18 |
L1 |