Corgea LogoCorgea Security Hub

CWE-688: Function Call With Incorrect Variable or Reference as Argument

Learn about CWE-688 (Function Call With Incorrect Variable or Reference as Argument), its security impact, exploitation methods, and prevention guidelines.

What is Function Call With Incorrect Variable or Reference as Argument?

• Overview: This vulnerability occurs when a function is called with the wrong variable or reference as an argument. This can lead to unexpected and undefined behavior in the software, potentially introducing security weaknesses.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by causing the application to behave unexpectedly, potentially gaining unauthorized access or causing a denial of service.
  • Common attack patterns include manipulating data inputs to trigger incorrect function calls or exploiting predictable variable names to inject malicious references.

• Security Impact:

  • Direct consequences include application crashes, data corruption, and unexpected behavior.
  • Potential cascading effects could involve unauthorized data access, privilege escalation, or further exploitation of related vulnerabilities.
  • Business impact may include data breaches, loss of customer trust, regulatory fines, and financial losses.

• Prevention Guidelines:

  • Specific code-level fixes include validating all function call arguments and ensuring they match expected types and references.
  • Security best practices involve thorough code reviews, static analysis, and implementing strong typing and type checking where possible.
  • Recommended tools and frameworks include static code analysis tools that can detect such vulnerabilities and development environments that support type checking and argument validation.

Corgea can automatically detect and fix Function Call With Incorrect Variable or Reference as Argument in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: C, Perl

Affected Technologies: Not specified

Vulnerable Code Example

#include <stdio.h>

// Function prototype
void processInteger(int value);

int main() {
    char buffer[10] = "123456789";  // Incorrect variable type
    // Vulnerable function call: passing a char array instead of an integer
    processInteger(buffer);  // This line causes the vulnerability
    return 0;
}

void processInteger(int value) {
    printf("Processing integer: %d\n", value);
}

Explanation:

  • Vulnerability: In the above code, the function processInteger is designed to accept an int as its argument. However, a char array buffer is incorrectly passed to it. This mismatch in data types can lead to undefined behavior because the memory representation of the char array is interpreted as an integer, which may not represent a valid or intended integer value.

How to fix Function Call With Incorrect Variable or Reference as Argument?

To fix this vulnerability, ensure that the data type of the variable passed to the function matches the expected argument type. In this example, convert the char array to an int before passing it to the function. This can be done using a function like atoi (ASCII to Integer), which converts a string to an integer.

  • Best Practices:
    • Always verify and validate the data types of function arguments before calling the function.
    • Use type conversion functions like atoi, atof, etc., to convert data types as necessary.
    • Consider using static typing tools or linters which can catch type mismatches during the development phase.

Fixed Code Example

#include <stdio.h>
#include <stdlib.h>  // Required for atoi

// Function prototype
void processInteger(int value);

int main() {
    char buffer[10] = "123456789";
    // Fixed function call: converting char array to integer using atoi
    int intValue = atoi(buffer);  // Convert the string to an integer
    processInteger(intValue);     // Now correctly passing an integer
    return 0;
}

void processInteger(int value) {
    printf("Processing integer: %d\n", value);
}

Explanation:

  • Fix: The char array buffer is converted to an int using atoi before being passed to processInteger. This ensures that the function receives the correct data type, preventing undefined behavior.
  • Security Control: The fix ensures type safety by matching the expected type of the function argument and includes necessary conversion, thereby mitigating the risk associated with incorrect variable types. Always check for potential issues with atoi, such as non-numeric input, which can lead to unexpected results. Consider using strtol for better error handling.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-688: Function Call With Incorrect Variable or Reference as Argument and get remediation guidance

Start for free and no credit card needed.