CWE-685 使用不正确参数个数的函数调用

Function Call With Incorrect Number of Arguments

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown

基本描述

The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 628 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 628 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'Perl', 'cwe_Prevalence': 'Undetermined'}]

常见的影响

范围 影响 注释
Other Quality Degradation

检测方法

Other

While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in languages or environments that do not require that functions always be called with the correct number of arguments, such as Perl.

可能的缓解方案

Testing

策略:

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
Software Fault Patterns SFP1 Glitch in computation
CERT C Secure Coding EXP37-C CWE More Specific Call functions with the correct number and type of arguments
CERT C Secure Coding FIO47-C Imprecise Use valid format strings