logo

Undefined Behavior for Input to API

Incomplete Base
Structure: Simple
Description

This API function exhibits unpredictable or undefined behavior when its control parameter is not set to the exact, required value.

Extended Description

This vulnerability occurs when a function's behavior depends on a specific control parameter, like a mode selector or a flag. If a developer passes any other value, the function's actions become undefined by the API specification. This can lead to crashes, data corruption, or unexpected system states because the underlying code isn't designed to handle those inputs. To prevent this, developers must strictly adhere to the API's documented requirements for parameter values. Always validate inputs before passing them to such functions and implement robust error handling for invalid cases. Relying on observed behavior from undefined states is dangerous, as it can change across different compilers, system updates, or hardware.
Common Consequences 1
Scope: Other

Impact: Quality DegradationVaries by Context
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
References 1
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Katrina Tsipenyuk, Brian Chess, and Gary McGraw
NIST Workshop on Software Security Assurance Tools Techniques and MetricsNIST
07-11-2005
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
ID: REF-6
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
ChildOf: Improper Following of Specification by Caller (CWE-573)
Taxonomy Mapping
  • 7 Pernicious Kingdoms
  • Software Fault Patterns
Notes
OtherThe Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [21]. If the constraints are not met, the behavior of the functions is not defined. It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met: The value 1 must be passed to the third parameter (the version number) of the following file system function: __xmknod The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions: __wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal The value 3 must be passed as the first parameter (the version number) of the following file system functions: __xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64