Function Call With Incorrect Variable or Reference as ArgumentID: 688 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Variant |
Description
The software calls a function, procedure, or routine, but the
caller specifies the wrong variable or reference as one of the arguments, which
may lead to undefined behavior and resultant weaknesses.
Applicable PlatformsLanguage: CLanguage: Perl
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Other | Quality degradation | |
Detection Methods
Name | Description | Effectiveness | Notes |
---|
Other | While this weakness might be caught by the compiler in some languages,
it can occur more frequently in cases in which the called function
accepts variable numbers of arguments, such as format strings in C. It
also can occur in loosely typed languages or environments. This might
require an understanding of intended program behavior or design to
determine whether the value is incorrect. | | |
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Testing | | Because this function call often produces incorrect behavior it will
usually be detected during testing or normal operation of the software.
During testing exercise all possible control paths will typically expose
this weakness except in rare cases when the incorrect function call
accidentally produces the correct results or if the provided argument
type is very similar to the expected argument type. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-688 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following Java snippet, the accessGranted() method is
accidentally called with the static ADMIN_ROLES array rather than the user
roles. (Demonstrative Example Id DX-64)
Observed Examples
- CVE-2005-2548 : Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:None