Page History

Functions can be defined to accept more formal arguments at the call site than are specified by the parameter declaration clause. Such functions are called variadic functions, because they can accept a variable number of arguments from a caller. C++ provides two mechanisms by which a variadic function can be defined: function parameter packs, and use of a C-style ellipsis as the final parameter declaration. Variadic functions are flexible in that they accept a varying number of arguments of differing types, however, they can also be hazardous. A variadic function using a C-style ellipsis (hereafter called a C-style variadic function) has no mechanisms to check the type safety of arguments being passed to the function, or that the number of arguments being passed matches the semantics of the function definition. Consequently, a runtime call to a C-style variadic function that passes inappropriate arguments yields undefined behavior. Such undefined behavior could be exploited to run arbitrary code.

Do not define C-style variadic functions. Issues with C-style variadic functions can be avoided by using variadic functions defined with function parameter packs for situations where a variable number of arguments should be passed to a function. Additionally, function currying can be used to build object state piecemeal, such as the standard output stream does with its std::cout::operator<<() overloads.

Note that the declaration of C-style variadic functions is not harmful, and can be useful in unevaluated contexts. When a function call expression appears in an unevaluated context, such as the argument in a sizeof expression, overload resolution is performed to determine the result type of the call, but does not require a function definition. Some template metaprogramming techniques that employ "substitution failure is not an error" (SFINAE) use variadic functions to implement compile-time type queries, as in:

...

Automated Detection

...