Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Undefined Behavior
Abstract
The behavior of this function is undefined unless its control parameter is set to a specific value.
Explanation
The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.
The value
The value
The value
The value
1 must be passed to the first parameter (the version number) of the following file system function:
__xmknod
The value
2 must be passed to the third parameter (the group argument) of the following wide character string functions:
__wcstod_internal
__wcstof_internal
_wcstol_internal
__wcstold_internal
__wcstoul_internal
The value
3 must be passed as the first parameter (the version number) of the following file system functions:
__xstat
__lxstat
__fxstat
__xstat64
__lxstat64
__fxstat64
References
[1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc.
[2] Standards Mapping - Common Weakness Enumeration CWE ID 475
[3] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 1.3
desc.semantic.cpp.undefined_behavior