Missing parameter

Revision as of 16:44, 13 April 2006 by Jeff Williams (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.


  • Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted.
  • Availability: Potentially a program could fail if it needs more arguments then are available.

Exposure period

  • Implementation: This is a simple logical flaw created at implementation time.


  • Languages: C or C++
  • Operating platforms: Any

Required resources




Likelihood of exploit


Avoidance and mitigation

  • Implementation: Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function.


This issue can be simply combated with the use of proper build process.


In C or C++:

foo_funct(one, two); � void foo_funct(int one, int two, int three) {

 printf("1) %d\n2) %d\n3) %d\n", one, two, three);

} This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it.

Another example in C/C++ is:

void some_function(int foo, ...) {

   int a[3], i;
   va_list ap;
   va_start(ap, foo);

for (i = 0; i < sizeof(a) / sizeof(int); i++)

       a[i] = va_arg(ap, int);


int main(int argc, char *argv[]) {

   some_function(17, 42);


Related problems

Not available.