CWE-628 Individual Dictionary Definition (Draft 9)

Function Call with Incorrectly Specified Arguments

Weakness ID: 628 (Weakness Base)
Status: Draft

Description

Summary

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Extended Description

There are multiple ways in which this weakness can be introduced, including: (1) the wrong variable or reference; (2) an incorrect number of arguments; (3) incorrect order of arguments; (4) wrong type of arguments; or (5) wrong value.

Weakness Ordinality

Primary (Weakness exists independent of other weaknesses)

Potential Mitigations

Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.

Make sure your APIs are stable before you use them in production code.
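
An added example, not part of the CWE entry: case (3), incorrect order of arguments, at the call site of an access check, shown beside the corrected call and an API variant whose distinct parameter types let the compiler reject the swap. The function names, type names and policy are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy: "admin" may do anything; everyone else may only
 * read the resource named "public". All three parameters share one type,
 * so the compiler cannot tell them apart at a call site. */
static bool is_allowed(const char *user, const char *resource, const char *action) {
    if (strcmp(user, "admin") == 0)
        return true;
    return strcmp(resource, "public") == 0 && strcmp(action, "read") == 0;
}

/* Weak call site: user and resource are swapped. It compiles cleanly, and
 * the resource name is now evaluated as if it were the user name. */
static bool handle_write_buggy(const char *user, const char *resource) {
    return is_allowed(resource, user, "write");
}

/* Corrected call site: arguments in the order the prototype declares. */
static bool handle_write_fixed(const char *user, const char *resource) {
    return is_allowed(user, resource, "write");
}

/* Hardened API: distinct wrapper types turn a swapped call into a compile
 * error (incompatible argument type) instead of a silent logic flaw. */
typedef struct { const char *name; } user_id;
typedef struct { const char *name; } resource_id;

static bool is_allowed_typed(user_id u, resource_id r, const char *action) {
    return is_allowed(u.name, r.name, action);
}

static bool handle_write_typed(user_id u, resource_id r) {
    /* is_allowed_typed(r, u, "write") would be rejected by the compiler. */
    return is_allowed_typed(u, r, "write");
}

int main(void) {
    /* Constructed input: an unprivileged user asks to write "admin". */
    printf("buggy=%d fixed=%d typed=%d\n",
           handle_write_buggy("guest", "admin"),
           handle_write_fixed("guest", "admin"),
           handle_write_typed((user_id){"guest"}, (resource_id){"admin"}));
    return 0;
}
```

The swapped call is wrong in both directions: it grants the constructed guest request and denies a legitimate request from "admin", which is the kind of always-incorrect behavior that heavily exercised code paths reveal and rarely-tested ones hide.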

Observed Examples

Reference | Description
CVE-2006-7049 | The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.

Context Notes

This is usually primary to other weaknesses, but it can be resultant if the function's API or function prototype changes. Since these bugs typically introduce obviously incorrect behavior, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported.

Relationships

Nature | Type | ID | Name
ChildOf | Category | 559 | Often Misused: Arguments and Parameters
ParentOf | Weakness Variant | 683 | Function Call With Incorrect Order of Arguments
ParentOf | Weakness Variant | 685 | Function Call With Incorrect Number of Arguments
ParentOf | Weakness Variant | 686 | Function Call With Incorrect Argument Type
ParentOf | Weakness Variant | 687 | Function Call With Incorrectly Specified Argument Value
ParentOf | Weakness Variant | 688 | Function Call With Incorrect Variable or Reference as Argument

Applicable Platforms

All

Time of Introduction

Implementation

Page Last Updated: April 22, 2008