[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Function Call With Incorrect Argument Type

ID: 686Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

Extended Description

This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.

Applicable Platforms
None

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Other
 		Quality degradation
 		 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Testing
 		 Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.
 		  

Relationships

Related CWETypeViewChain
CWE-686 ChildOf CWE-885 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CERT C Secure Coding DCL35-C
 		Do not invoke a function using a type that does not match the function definition
 		 
CERT C Secure Coding FIO00-C
 		Take care when creating format strings
 		 
CERT C Secure Coding FLP31-C
 		Do not call functions expecting real values with complex values
 		 
CERT C Secure Coding POS34-C
 		Do not call putenv() with a pointer to an automatic variable as the argument
 		 
CERT C Secure Coding STR37-C
 		Arguments to character handling functions must be representable as an unsigned char
 		 
CERT C++ Secure Coding FLP31-CPP
 		Do not call functions expecting real values with complex values
 		 
CERT C++ Secure Coding STR37-CPP
 		Arguments to character handling functions must be representable as an unsigned char
 		 

References:
None

© SecPod Technologies