Unterminated variadic call¶
ID: cpp/unterminated-variadic-call Kind: problem Security severity: 8.8 Severity: warning Precision: medium Tags: - reliability - security - external/cwe/cwe-121 Query suites: - cpp-security-extended.qls - cpp-security-and-quality.qls Click to see the query in the CodeQL repository
The program calls a function that expects the variable argument list to be terminated with a sentinel value (typically NULL, 0 or -1). In this case, the sentinel value has been omitted as a final argument. This defect may result in incorrect behavior of the function and unintended stack memory access, leading to incorrect program results, instability, and even vulnerability to buffer overflow style attacks.
Recommendation¶
Each description of a defect highlighted by this rule includes a suggested value for the terminator. Check that this value is correct, then add it to the end of the call.
Example¶
#include<stdarg.h>voidpushStrings(char*firstString,...){va_listargs;char*arg;va_start(args,firstString);// process inputs, beginning with firstString, ending when NULL is reachedarg=firstString;while(arg!=NULL){// push the stringpushString(arg);// move on to the next inputarg=va_arg(args,char*);}va_end(args);}voidbadFunction(){pushStrings("hello","world",NULL);// OKpushStrings("apple","pear","banana",NULL);// OKpushStrings("car","bus","train");// BAD, not terminated with the expected NULL}In this example, the third call to pushStrings is not correctly terminated. This call should be updated to include NULL as the fourth and final argument to this call.
References¶
Common Weakness Enumeration: CWE-121.
