...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdarg.h> #include <stddef.h> void func(size_t num_vargs, const char *cp, ...) { va_list ap; va_start(ap, cp); if (num_vargs > 0) { int val = va_arg(ap, int); // ... } va_end(ap); } void f(void) { func(1, "The only argument", 0); } |
Risk Assessment
Incorrect use of va_arg()
results in undefined behavior that can include accessing stack memory.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP47-C | Medium | Likely | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Clang |
| -Wvarargs | Can detect some instances of this rule, such as promotable types. Cannot detect mismatched types or incorrect number of variadic arguments. | ||||||
CodeSonar |
| BADMACRO.STDARG_H | Use of <stdarg.h> feature | ||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.16, "Variable Arguments <stdarg.h> "Subclause 6.5.2.2, "Function calls" |
...
...