CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-686: Function Call With Incorrect Argument Type

 
Function Call With Incorrect Argument Type
Weakness ID: 686 (Weakness Variant)Status: Draft
+ Description

Description Summary

The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

Extended Description

This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.

+ Time of Introduction
  • Implementation
+ Potential Mitigations
PhaseDescription

Use the function, procedure, routine as specified.

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

+ Weakness Ordinalities
OrdinalityDescription
Primary
(where the weakness exists independent of other weaknesses)
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base628Function Call with Incorrectly Specified Arguments
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory736CERT C Secure Coding Section 02 - Declarations and Initialization (DCL)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOfCategoryCategory739CERT C Secure Coding Section 05 - Floating Point (FLP)
Weaknesses Addressed by the CERT C Secure Coding Standard734
ChildOfCategoryCategory741CERT C Secure Coding Section 07 - Characters and Strings (STR)
Weaknesses Addressed by the CERT C Secure Coding Standard734
ChildOfCategoryCategory743CERT C Secure Coding Section 09 - Input Output (FIO)
Weaknesses Addressed by the CERT C Secure Coding Standard734
ChildOfCategoryCategory748CERT C Secure Coding Section 50 - POSIX (POS)
Weaknesses Addressed by the CERT C Secure Coding Standard734
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CERT C Secure CodingDCL35-CDo not invoke a function using a type that does not match the function definition
CERT C Secure CodingFIO00-CTake care when creating format strings
CERT C Secure CodingFLP31-CDo not call functions expecting real values with complex values
CERT C Secure CodingPOS34-CDo not call putenv() with a pointer to an automatic variable as the argument
CERT C Secure CodingSTR37-CArguments to character handling functions must be representable as an unsigned char
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Other Notes, Weakness Ordinalities
2008-11-24CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2009-05-27CWE Content TeamMITREInternal
updated Description
2009-10-29CWE Content TeamMITREInternal
updated Other Notes, Potential Mitigations
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us