CWE-686: Function Call With Incorrect Argument Type
CWE version: 4.18
Updated: 2025-09-09
Weakness description
The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.
Extended description
This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.
Common consequences
Scope: Other
Technical impact: Quality Degradation
Potential mitigations
Phase: Testing
Description: Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the product. Exercising all possible control paths during testing will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results or when the provided argument type is very similar to the expected argument type.
Modes of introduction
| Phase | Note |
|---|---|
| Implementation | - |
Taxonomy mappings
| Taxonomy name | Entry ID | Entry name | Mapping fit |
|---|---|---|---|
| CERT C Secure Coding | EXP37-C | Call functions with the correct number and type of arguments | CWE More Specific |
| CERT C Secure Coding | FIO47-C | Use valid format strings | Imprecise |
| CERT C Secure Coding | POS34-C | Do not call putenv() with a pointer to an automatic variable as the argument | - |
| CERT C Secure Coding | STR37-C | Arguments to character handling functions must be representable as an unsigned char | - |
| Software Fault Patterns | SFP1 | Glitch in computation | - |
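The STR37-C row above is a concrete case of the implicit-conversion scenario in the extended description. The following C sketch is an added example, not part of the CWE entry; the function names and the sample string are hypothetical, and the expected count assumes the default "C" locale.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* The <ctype.h> functions take an int whose value must be EOF or
 * representable as unsigned char; any other value is undefined behaviour. */
int ctype_arg_in_domain(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Weak form (shown for contrast, never called here): where plain char is
 * signed, a byte such as 0xE9 is promoted to a negative int, which falls
 * outside the domain checked above. The compiler accepts the call anyway. */
size_t count_alpha_weak(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (isalpha(*s))                 /* argument has the wrong type */
            n++;
    return n;
}

/* Corrected form: convert each byte to unsigned char before the call. */
size_t count_alpha_safe(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (isalpha((unsigned char)*s))
            n++;
    return n;
}

/* Constructed sample input: "cafe ok" with a Latin-1 e-acute (byte 0xE9). */
static const char SAMPLE[] = "caf\xe9" " ok";

int main(void)
{
    printf("alphabetic bytes (C locale): %zu\n", count_alpha_safe(SAMPLE));
    printf("-23 in domain: %d, 233 in domain: %d\n",
           ctype_arg_in_domain(-23), ctype_arg_in_domain(233));
    return 0;
}
```

Because the weak form often returns the same count as the corrected one on a given platform, it is an instance of the rare case the mitigation text mentions where testing alone may not expose the wrong argument type.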