Function Call With Incorrect Argument Type
ID: 686 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Variant |
Description
The software calls a function, procedure, or routine, but the
caller specifies an argument that is the wrong data type, which may lead to
resultant weaknesses.
Extended Description
This weakness is most likely to occur in loosely typed languages, or in
strongly typed languages in which the types of variable arguments cannot be
enforced at compilation time, or where there is implicit casting.
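The implicit-casting case, as an added example that is not part of the CWE entry: a caller forwards a signed length to a callee that expects size_t. The function names and the 16-byte record are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Callee: number of bytes to read, never more than what is available. */
size_t clamp_request(size_t requested, size_t available)
{
    return requested < available ? requested : available;
}

/* Weak caller: forwards a signed length that may hold an error code (-1).
 * The implicit int -> size_t conversion is well defined but turns -1 into
 * SIZE_MAX, so "parse failed" becomes "read everything available".
 * GCC and Clang diagnose it when -Wsign-conversion is enabled. */
size_t weak_caller(int parsed_len, size_t available)
{
    return clamp_request(parsed_len, available);
}

/* Hardened caller: rejects negative values while still signed, then
 * converts explicitly. Returns 0 on success, -1 on a rejected length. */
int checked_caller(int parsed_len, size_t available, size_t *out)
{
    if (parsed_len < 0)
        return -1;
    *out = clamp_request((size_t)parsed_len, available);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: a 16-byte record and a failed length parse. */
    printf("weak:    %zu\n", weak_caller(-1, 16));
    printf("checked: %d\n", checked_caller(-1, 16, &n));
    return 0;
}
```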
Applicable Platforms
None
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Other | Quality degradation | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Testing | | Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the software. Exercising all possible control paths during testing will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results or when the provided argument type is very similar to the expected argument type. | | |
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-686 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples
None
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
CERT C Secure Coding | DCL35-C | Do not invoke a function using a type that does not match the function definition | |
CERT C Secure Coding | FIO00-C | Take care when creating format strings | |
CERT C Secure Coding | FLP31-C | Do not call functions expecting real values with complex values | |
CERT C Secure Coding | POS34-C | Do not call putenv() with a pointer to an automatic variable as the argument | |
CERT C Secure Coding | STR37-C | Arguments to character handling functions must be representable as an unsigned char | |
CERT C++ Secure Coding | FLP31-CPP | Do not call functions expecting real values with complex values | |
CERT C++ Secure Coding | STR37-CPP | Arguments to character handling functions must be representable as an unsigned char | |
References: None