You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Conventional functions that are appropriately declared [[DCL07-A. Include the appropriate type information in function declarators]] will fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will only generate compiler warnings. These warnings should be resolved [[MSC00-A. Compile cleanly at high warning levels]], but do not prevent program compilation.

Non-Compliant Code Example

The POSIX open() [[Open Group 04]] is a variadic function with the following prototype:

int open(const char *path, int oflag, ... );

The open() function accepts a third argument to determine a newly created file's access mode.
If open() is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).

/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
  /* Handle Error */
}
/* ... */

Compliant Solution

  • No labels