 
                            ...
Passing an object of an unsupported type as the second argument to va_start() can result in undefined behavior that might be exploited to cause data integrity violations.
| Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level | 
|---|---|---|---|---|---|---|
| EXP58-CPP | Medium | Unlikely | Yes | MediumNo | P4 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Clang | 
 | -Wvarargs | Does not catch the violation in the third noncompliant code example (it is conditionally supported by Clang) | ||||||
| CodeSonar | 
 | BADMACRO.STDARG_H | Use of <stdarg.h> Feature | ||||||
| Helix QAC | 
 | C++3852, C++3853 | |||||||
| Klocwork | 
 | CERT.VA_START.TYPE | |||||||
| Parasoft C/C++test | 
 | CERT_CPP-EXP58-a | Use macros for variable arguments correctly | ||||||
| Polyspace Bug Finder | 
 | CERT C++: EXP58-CPP | Checks for incorrect data types for second argument of va_start (rule fully covered) | 
...