Function Call With Incorrectly Specified Argument Value

Status: Draft
Abstraction: Variant
Structure: Simple
Description

The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

Common Consequences
Scope: Other

Impact: Quality Degradation

Detection Methods
Manual Static Analysis
This might require an understanding of intended program behavior or design to determine whether the value is incorrect.

Demonstrative Examples

ID: DX-63

This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.

Code Example:

Bad (Perl)
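An added illustration of the call described above, not the original example's code: `ReportAuth()` follows the description, while `CheckAuth`, `ReportAuthStrict`, the `privileged_*` subs and the user names are assumptions constructed here. It sets the positional call with the wrong third argument beside a named-argument form in which the failure policy is visible at the call site, and runs both through the failing-authentication path.

```perl
use strict;
use warnings;

# Constructed stand-in for an authentication check (hypothetical).
sub CheckAuth { my ($user) = @_; return $user eq 'alice' ? 'success' : 'failure'; }

# Positional form as in the description: the third argument decides
# whether a failed authentication stops execution.
sub ReportAuth {
    my ($username, $result, $fatal) = @_;
    printf STDERR "auth: username=%s, result=%s\n", $username, $result;
    die "authentication failed\n" if $result ne 'success' && $fatal;
    return;
}

# Bad: 0 is passed where 1 was intended, so a failed login falls through.
sub privileged_bad {
    my ($user) = @_;
    ReportAuth($user, CheckAuth($user), 0);
    return "privileged action ran for $user";
}

# Hardened (assumed design): named arguments, the failure policy must be
# stated explicitly, and an absent or unknown value dies instead of defaulting.
sub ReportAuthStrict {
    my (%args) = @_;
    my $policy = $args{on_failure} // '';
    die "on_failure must be 'die' or 'continue'\n"
        unless $policy eq 'die' || $policy eq 'continue';
    printf STDERR "auth: username=%s, result=%s\n", $args{username}, $args{result};
    die "authentication failed\n" if $args{result} ne 'success' && $policy eq 'die';
    return;
}

sub privileged_good {
    my ($user) = @_;
    ReportAuthStrict(username => $user, result => CheckAuth($user), on_failure => 'die');
    return "privileged action ran for $user";
}

# Exercise both variants with a passing and a failing user (constructed names).
for my $user ('alice', 'mallory') {
    for my $variant (['bad', \&privileged_bad], ['good', \&privileged_good]) {
        my $out = eval { $variant->[1]->($user) } // "blocked: $@";
        chomp $out;
        print "$variant->[0] $user: $out\n";
    }
}
```

Only the `bad mallory` line reports the privileged action running after a failed authentication; a test that covers the failure path, as the driver loop does, is what exposes the wrong argument value.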
Modes of Introduction
Implementation
Taxonomy Mapping
  • CERT C Secure Coding
  • Software Fault Patterns
Notes
Relationship: When primary, this weakness is most likely to occur in rarely-tested code, since the wrong value can change the semantic meaning of the program's execution and lead to obviously-incorrect behavior. It can also be resultant from issues in which the program assigns the wrong value to a variable, and that variable is later used in a function call. In that sense, this issue could be argued as having chaining relationships with many implementation errors in CWE.