If a function is implicitly declared and is called with too few arguments, it will still pop the expected number of arguments from the stack. This could cause the program to crash.
```c
function(1, 2); // no declaration in scope yet: implicitly declared, only two arguments passed
...
void function(int one, int two, int three) {
  printf("args %d %d %d", one, two, three);
}
```
Solution: Use function prototypes at the top of the .c file or in a .h file so that a compiler error will occur if an incorrect number of arguments is used.
```c
void function(int one, int two, int three); // at top of file or in .h file
...
function(1, 2); // compiler error
```
Also, using a compiler setting that checks for implicitly declared functions will prevent accidentally calling a function before it is declared.
gcc 3.4.6, for example, will not allow the non-compliant code above.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DRAFT | 2 (medium) | 3 (likely) | 2 (medium) | P12 | L1 |