LoginSignup
2

C Secure Coding Rules(4) 5.6. Calling functions with incorrect arguments [argcomp]

Last updated at Posted at 2018-04-03

ISO/IEC TS 17961:2013

Information Technology — Programming languages, their environments and system software interfaces — C Secure Coding Rules
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1624.pdf

この文書は、ISO/IEC JTC1 SC22 WG14の作業文書(Working Draft)です。
公式のISO/IEC TS 17961:2013原本ではありません。

技術内容を検討し、ISO/IEC JTC1 SC22 WG14にフィードバックするために用いるものです。

ISO/IEC TS 17961:2013 C Secure Coding Rules(1)一覧

https://qiita.com/kaizen_nagoya/items/54e056195c4f11b850a1
一つの規則で複数回のコンパイルが必要な場合、別記事にしています。

作業予定

規則の例(断片等)をコンパイル、実行する予定です。
1: コンパイルエラーが出ないようにする。
 一覧のaccfree.cがこの段階です。
2: 実行時エラーが出ないようにする。
 一覧のptrcomp.cがこの段階です。
3: 意味のある出力が出るようにする。
 検討中。
現状では、変な代入、奇異な操作が頻出します。
コンパイルエラーが出ないようにするなるべく短い記述で済まそうという趣旨で、他意はありません。
よりよい記述に変更する予定です。

現在利用中のコンパイラ

Apple LLVM version 9.1.0 (clang-902.0.39.1)
Target: x86_64-apple-darwin17.4.0
on macOS 10.13.x
または

  • Apple LLVM version 9.0.0 (clang-900.0.39.2)
    Target: x86_64-apple-darwin16.7.0
    on macOS 10.12.6

##環境(Environment)
hosted Environment macOS 10.13.3 or 10.12.9

コンパイル用shell script

C版(clangとgcc)とC++版(clang++とg++)
https://qiita.com/kaizen_nagoya/items/74220c0577a512c2d7da

5.6. Calling functions with incorrect arguments [argcomp]

##EXAMPLE 1 In this noncompliant example, a diagnostic is required because the C Standard Library function strchr is called through the function pointer fp with incorrectly typed arguments.

argcomp.c
//EXAMPLE 1 In this noncompliant example, a diagnostic is required because the C Standard Library function strchr is called through the function pointer fp with incorrectly typed arguments.

#include <stdio.h> // for printf
#include <stdlib.h> // for EXIT_SUCCESS
#include <string.h> // for strchr
// char * strchr( const char *str , int chr );

char *(*fp)();
void f(void) {
  char *c;
  fp = strchr;
 c = fp("12", (int)'2'); // diagnostic required
  /// change 12 to "12". 2 to (int)'2)
  printf("%s\n", c);
}

int main(int argc, char** argv){ //
  f(); //
  return EXIT_SUCCESS;//
}//
$ ./gcc7ts.sh argcomp
$ clang argcomp.c
2

$ gcc-7 argcomp.c
2

EXAMPLE 2 In this noncompliant example, a diagnostic is required because the function copy is defined to take two arguments but is called with three arguments.

argcomp2a.c
#include <stdio.h> // for printf
#include <string.h> // for strcpy
//EXAMPLE 2 In this noncompliant example, a diagnostic is required because the function copy is defined to take two arguments but is called with three arguments.
/* in another source file */

void copy(char *dst, const char *src) {
  if (!strcpy(dst, src)) {
  /* report error */
    printf("strcpy error\n");
  }
}
argcomp2.c
#include <stdio.h> // for printf
#include <stdlib.h> // for EXIT_SUCCESS

/* in this source file -- no copy prototype in scope */
void copy();
void g(const char *s) {
  char buf[20];
  copy(buf, s, sizeof buf); // diagnostic required
  /* ... */
  printf("%s \n",s);
}
int main(int argc, char** argv){ //
  g("Hello World!"); //
  return EXIT_SUCCESS;//
}//
$ ./clg72.sh argcomp2 argcomp2a
$ clang argcomp2.c
Hello World! 

$ gcc-7 argcomp2.c
Hello World! 

##EXAMPLE 3 In this noncompliant example, a diagnostic is required because the function buginf is defined to take a variable number of arguments but is declared in another file with no prototype and is called.

argcomp3a.c
#include <stdio.h> // for printf
/* in another source file */
void buginf(const char *fmt, ...) {
/* ... */
  printf(fmt,__func__, __LINE__);
}
argcomp3.c
//EXAMPLE 3 In this noncompliant example, a diagnostic is required because the function buginf is defined to take a variable number of arguments but is declared in another file with no prototype and is called.

#include <stdio.h> // for printf
#include <stdlib.h> // for EXIT_SUCCESS

/* in this source file -- no buginf prototype in scope */
void buginf();
void h(void) {
  buginf("bug in function %s, line %d\n", __func__, __LINE__); // diagnostic required
/* ... */
}
int main(int argc, char** argv){ //
  h(); //
  return EXIT_SUCCESS;//
}//
$ ./clg72.sh argcomp3 argcomp3a
$ clang argcomp3.c
bug in function buginf, line 5

$ gcc-7 argcomp3.c
bug in function buginf, line 5

#EXAMPLE 4 In this noncompliant example, a diagnostic is required because the function f is defined to take an argument of type long, but f is called from another file with an argument of type int.

argcomp4a.c
/* in somefile.c */
long f(long x) {
  return x < 0 ? -x : x;
}
argcomp4.c
//EXAMPLE 4 In this noncompliant example, a diagnostic is required because the function f is defined to take an argument of type long, but f is called from another file with an argument of type int.

#include <stdio.h> // for printf
#include <stdlib.h> // for EXIT_SUCCESS

/* in otherfile.c */
int g(int x) {
  return f(x); // diagnostic required
}
int main(int argc, char** argv){ //
  printf("%d \n",g()); //
  return EXIT_SUCCESS;//
}//
 ./clg72.sh argcomp4 argcomp4a
$ clang argcomp4.c
argcomp4.c:6:10: warning: implicit declaration of function 'f' is invalid in C99
      [-Wimplicit-function-declaration]
  return f(x); // diagnostic required
         ^
1 warning generated.
1 

$ gcc-7 argcomp4.c
argcomp4.c: In function 'g':
argcomp4.c:6:10: warning: implicit declaration of function 'f' [-Wimplicit-function-declaration]
   return f(x); // diagnostic required
          ^
1 

参考文献

コンパイル用shell script C版(clangとgcc)とC++版(clang++とg++)
https://qiita.com/kaizen_nagoya/items/74220c0577a512c2d7da

C言語(C++)に対する誤解、曲解、無理解、爽快。
https://qiita.com/kaizen_nagoya/items/3f3992c9722c1cee2e3a

MISRA C まとめ #include
https://qiita.com/kaizen_nagoya/items/f1a79a7cbd281607c7c9

どうやって MISRA C Example Suiteをコンパイルするか
https://qiita.com/kaizen_nagoya/items/fbdbff5ff696e2ca7f00

[C][C++]の国際規格案の例題をコンパイルするときの課題7つ。
https://qiita.com/kaizen_nagoya/items/5f4b155030259497c4de

文書履歴

ver. 0.10 初稿 20180403
ver. 0.11 gcc-7, Example節項目, コンパイル対象2つ追記 20180407
ver. 0.12 ありがとう追記 20230413

最後までおよみいただきありがとうございました。

いいね 💚、フォローをお願いします。

Thank you very much for reading to the last sentence.

Please press the like icon 💚 and follow me for your happy life.

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
2