SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Functions that are appropriately declared [[DCL07-A. Include the appropriate type information in function declarators]] will fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will only generate compiler warnings. These warnings should be resolved [[MSC00-A. Compile cleanly at high warning levels]], but do not prevent program compilation.

Non-Compliant Code Example: (function pointers)

In this example, the function pointer fp is used to refer to the function strchr(), which is defined elsewhere. However, fp is defined without the appropriate parameter list, and the function prototype for strchr() is not visible to this program. As a result there is no type checking performed on the call to fp(12,2);.

#include <stdio.h>
extern char *strchr();

char *(*fp) ();

int main(void) {
  char *c;
  fp = strchr;
  c = fp(12,2);
  printf("%s\n",c);

}

Note that this example also violates recommendation [[DCL07-A. Include the appropriate type information in function declarators]].

Compliant Solution: (function pointers)

#include <string.h>

char *(*fp) (cjar *,int);

int main(void) {
  char *c;
  fp = strchr;
  c = fp("Hello",'H');
  printf("%s\n",c);

}

Non-Compliant Code Example: (variadic functions)

The POSIX function open() [[Open Group 04]] is a variadic function with the following prototype:

int open(const char *path, int oflag, ... );

The open() function accepts a third argument to determine a newly created file's access mode. If open() is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions [[FIO06-A. Create files with appropriate access permissions]].

/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
  /* Handle Error */
}
/* ... */

Compliant Solution: (variadic functions)

To correct this example, a third argument is specified in the call to open().

/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1){
  /* Handle Error */
}
/* ... */
  • No labels