• CodeQL query help documentation »
• CodeQL query help for C and C++ »

Unterminated variadic call

ID: cpp/unterminated-variadic-call
Kind: problem
Security severity: 8.8
Severity: warning
Precision: medium
Tags:
   - reliability
   - security
   - external/cwe/cwe-121
Query suites:
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

The program calls a function that expects the variable argument list to be terminated with a sentinel value (typically NULL, 0 or -1). In this case, the sentinel value has been omitted as a final argument. This defect may result in incorrect behavior of the function and unintended stack memory access, leading to incorrect program results, instability, and even vulnerability to buffer overflow style attacks.

Recommendation

Each description of a defect highlighted by this rule includes a suggested value for the terminator. Check that this value is correct, then add it to the end of the call.

Example

#include <stdarg.h>

void pushStrings(char *firstString, ...)