[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Function Call With Incorrect Variable or Reference as Argument

ID: 688Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Applicable Platforms
Language: C
Language: Perl

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Other
 
Quality degradation
 
 

Detection Methods

NameDescriptionEffectivenessNotes
Other
 
While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect.
 
  

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Testing
 
 Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.
 
  

Relationships

Related CWETypeViewChain
CWE-688 ChildOf CWE-885 Category CWE-888  

Demonstrative Examples   (Details)

  1. In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles. (Demonstrative Example Id DX-64)

Observed Examples

  1. CVE-2005-2548 : Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None

CVE    1
CVE-2021-33713

© SecPod Technologies