...

#include <stdarg.h>
#include <stddef.h>

/* The caller passes the number of variadic arguments explicitly,
   so the callee never calls va_arg() more times than arguments were supplied. */
void func(size_t num_vargs, const char *cp, ...) {
  va_list ap;
  va_start(ap, cp);
  if (num_vargs > 0) {
    int val = va_arg(ap, int);
    // ...
  }
  va_end(ap);
}

void f(void) {
  func(1, "The only argument", 0);
}
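
As an added example (not code from the rule page itself), the same idea carried one step further: the caller passes both an explicit count and a per-argument type tag, and every va_arg() call names the type the argument actually has after default argument promotions (char and short arrive as int, float arrives as double). The names sum_tagged, arg_kind and demo_sum are assumptions of this example.

```c
#include <stdarg.h>
#include <stddef.h>

/* Type tags the caller supplies so the callee never guesses a va_arg() type.
   Only promoted types appear: a char/short argument is read as int, a float as double. */
enum arg_kind { ARG_INT, ARG_DOUBLE, ARG_LONG };

/* Sums num_vargs variadic values. kinds[i] must describe argument i exactly;
   a wrong tag (e.g. ARG_INT for a float) is the undefined behavior EXP47-C forbids.
   The caller is responsible for keeping num_vargs equal to the number of arguments. */
double sum_tagged(size_t num_vargs, const enum arg_kind *kinds, ...) {
  va_list ap;
  double total = 0.0;
  va_start(ap, kinds);
  for (size_t i = 0; i < num_vargs; ++i) {
    switch (kinds[i]) {
      case ARG_INT:    total += va_arg(ap, int);    break; /* char, short, int all arrive as int */
      case ARG_DOUBLE: total += va_arg(ap, double); break; /* float arrives as double */
      case ARG_LONG:   total += va_arg(ap, long);   break;
    }
  }
  va_end(ap);
  return total;
}

/* Constructed call: narrow types are passed and read back through their promoted types. */
double demo_sum(void) {
  char c = 5;
  short s = 10;
  float f = 2.5f;
  long l = 100L;
  enum arg_kind kinds[] = { ARG_INT, ARG_INT, ARG_DOUBLE, ARG_LONG };
  return sum_tagged(sizeof kinds / sizeof kinds[0], kinds, c, s, f, l); /* 117.5 */
}
```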

Risk Assessment

Incorrect use of va_arg() results in undefined behavior that can include accessing stack memory.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
EXP47-C   Medium    Likely      High              P6        L2

Automated Detection

Tool              Checker            Description
Clang             -Wvarargs          Can detect some instances of this rule, such as promotable types. Cannot detect mismatched types or an incorrect number of variadic arguments.
CodeSonar         BADMACRO.STDARG_H  Use of <stdarg.h> feature
LDRA tool suite   44 S               Enhanced Enforcement

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[ISO/IEC 9899:2011]  Subclause 7.16, "Variable Arguments <stdarg.h>"
                     Subclause 6.5.2.2, "Function calls"

...