Main Content

CWE Rule 688

Function Call With Incorrect Variable or Reference as Argument

Since R2023b

expand all in page

Description

Rule Description

The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Polyspace Implementation

The rule checker checks for the issue Possibly incorrect function argument.

Examples

expand all

Issue

This issue occurs when there is reason to suspect that a function might be called with an incorrect variable as argument. For instance:

  • A global variable is used as function argument while a variable local to the caller function lies unused.

  • The same variable is repeated for multiple arguments of a function while a variable local to the caller function lies unused.

In all such cases, the checker message indicates the unused local variable that is a probable fix for the incorrect function argument.

Risk

The use of an incorrect variable as function argument might indicate a copy-paste or another kind of programming error. If the function being called provides access rights or performs another kind of security-related activity, the error might lead to security vulnerabilities.

Fix

Investigate if the checker has correctly determined an incorrect function argument. See if you can replace the incorrect argument with the suggested unused local variable.

Example — Global Variable Used as Function Argument

In this example, the function tryGrantAccess() is called with the global variable ADMIN_ROLES while the local variable userRoles is unused. Perhaps, the programmer meant to invoke the function with this local variable and depending on how tryGrantAccess() is implemented, might be providing more privileges than intended.

#include <stdlib.h>
#include <string.h>

static const char* ADMIN_ROLES[] = { "reader", "writer", "administrator" };

extern int tryGrantAccess(const char* resource, const char** userRoles);
extern const char** getUserRoles(const char* user);

int accessGranted(const char* resource, const char* user) {
    const char** const userRoles = getUserRoles(user);
    return tryGrantAccess(resource, ADMIN_ROLES); //Noncompliant
}
Correction — Replace Global Variable with Unused Local Variable

Replace the incorrect function argument with the suggested unused local variable.

#include <stdlib.h>
#include <string.h>

static const char* ADMIN_ROLES[] = { "reader", "writer", "administrator" };

extern int tryGrantAccess(const char* resource, const char** userRoles);
extern const char** getUserRoles(const char* user);

int accessGranted(const char* resource, const char* user) {
    const char** const userRoles = getUserRoles(user);
    return tryGrantAccess(resource, userRoles); 
}
Example – Repeated Argument to Function

In this example, the function tryGrantAccess() is called with the variable ADMIN_ROLES passed as both second and third argument, while the local variable userRoles is unused. Perhaps, the local variable was meant to be the second argument of this function. Depending on how tryGrantAccess() is implemented, the programmer might be providing more privileges than intended.

#include <stdlib.h>
#include <string.h>

extern int tryGrantAccess(const char* resource, const char** userRoles, const char** adminRoles);
extern const char** getUserRoles(const char* user);

int accessGranted(const char* resource, const char* user) {
    static const char* ADMIN_ROLES[] = { "reader", "writer", "administrator" };
    const char** const userRoles = getUserRoles(user);
    return tryGrantAccess(resource, ADMIN_ROLES, ADMIN_ROLES); //Noncompliant
}
Correction — Avoid Repeated Argument

Replace the second function argument with the suggested unused local variable.

#include <stdlib.h>
#include <string.h>

extern int tryGrantAccess(const char* resource, const char** userRoles,
                          const char** adminRoles);
extern const char** getUserRoles(const char* user);

int accessGranted(const char* resource, const char* user) {
    static const char* ADMIN_ROLES[] = { "reader", "writer", "administrator" };
    const char** const userRoles = getUserRoles(user);
    return tryGrantAccess(resource, userRoles, ADMIN_ROLES); 
}

Check Information

Category: Others

Version History

Introduced in R2023b

See Also

Topics

External Websites