SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 35

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4.1 update

...

Passing an object of an unsupported type as the second argument to va_start() can result in undefined behavior that might be exploited to cause data integrity violations.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP58-CPP

Medium

Unlikely

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Clang
Include Page
Clang_39_V
Clang_39_V
-WvarargsDoes not catch the violation in the third noncompliant code example (it is conditionally supported by Clang)
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-EXP58-a

Use macros for variable arguments correctly

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardDCL50-CPP. Do not define a C-style variadic function

Bibliography

[ISO/IEC 9899:2011]Subclause 7.16.1.4, "The va_start Macro"
[ISO/IEC 14882-2014]Subclause 18.10, "Other Runtime Support"

...


...