Function Call With Incorrectly Specified Argument Value

ID: 687
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: DRAFT
Abstraction Type: Variant





Description

The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

Applicable Platforms
None

Time Of Introduction

  • Implementation

Common Consequences

Scope: Other
Technical Impact: Quality degradation

Detection Methods

Name: Manual Static Analysis
Description: This might require an understanding of intended program behavior or design to determine whether the value is incorrect.

Potential Mitigations

Description: Use the function, procedure, or routine as specified.

Relationships
When primary, this weakness is most likely to occur in rarely-tested code, since the wrong value can change the semantic meaning of the program's execution and lead to obviously-incorrect behavior. It can also be resultant from issues in which the program assigns the wrong value to a variable, and that variable is later used in a function call. In that sense, this issue could be argued as having chaining relationships with many implementation errors in CWE.

Related CWE: CWE-687 ChildOf CWE-885
Type: Category
View: CWE-888

Demonstrative Examples

  1. This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit. (Demonstrative Example Id DX-63)
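The situation described in example 1, written out as an added illustration (this is not the page's own code). Only the name `ReportAuth()` and the meaning of its third argument come from the description; `check_auth`, `privileged_weak`, `privileged_fixed` and the sample user table are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: the only user treated as authenticated.
my %AUTHENTICATED = (alice => 1);

# Hypothetical helper: returns "success" or "failure" for a user name.
sub check_auth {
    my ($user) = @_;
    return exists $AUTHENTICATED{$user} ? 'success' : 'failure';
}

# Records the authentication result. When $fatal is true, a failed
# authentication aborts the caller via die; when false, it is only logged.
sub ReportAuth {
    my ($user, $result, $fatal) = @_;
    printf STDERR "auth: username=%s, result=%s\n", $user, $result;
    die "authentication failed for $user\n"
        if $result ne 'success' && $fatal;
    return;
}

# Weak caller: the third argument is 0, so a failed login is logged but
# execution continues into the privileged operation.
sub privileged_weak {
    my ($user) = @_;
    ReportAuth($user, check_auth($user), 0);
    return "privileged action run for $user";
}

# Corrected caller: the third argument is 1, so a failure stops here.
sub privileged_fixed {
    my ($user) = @_;
    ReportAuth($user, check_auth($user), 1);
    return "privileged action run for $user";
}

# Run both callers for an authenticated and an unauthenticated user.
for my $user ('alice', 'mallory') {
    for my $impl (\&privileged_weak, \&privileged_fixed) {
        my $out = eval { $impl->($user) };
        print(defined($out) ? "$out\n" : "blocked: $@");
    }
}
```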

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: CERT C Secure Coding
Id: MEM04-C
Name: Do not perform zero length allocations

Taxonomy: CERT C++ Secure Coding
Id: MEM04-CPP
Name: Do not perform zero length allocations

References:
None

© SecPod Technologies