Function Call With Incorrect Variable or Reference as Argument

Draft Variant
Structure: Simple
Description

This vulnerability occurs when a function is called with the wrong variable or reference passed as an argument. This simple coding mistake can cause the program to behave unpredictably, access incorrect data, or trigger other security flaws.

Extended Description

At its core, this weakness is a straightforward logic error: a developer passes an unintended variable or reference to a function. The call succeeds and the function runs, but it operates on the wrong data, so the result is a corrupted state, an incorrect calculation, a check evaluated against the wrong input, or exposure of sensitive information. It is most often introduced during code maintenance, when similar-looking variable names sit side by side, or when a function signature changes and call sites are updated incompletely. Prevention hinges on code clarity and rigorous review: use descriptive, distinct variable names; enable compiler warnings and static analysis that flag argument mismatches and unused variables (the intended variable is commonly left unused when the wrong one is passed, which is often the only compile-time clue); and re-check every call site when modifying related code. The flaw is easy to introduce but hard to trace, because the misbehavior typically surfaces far from the erroneous call.

Common Consequences 1
Scope: Other

Impact: Quality Degradation

Detection Methods 1
Other
A compiler or type checker catches this weakness only when the wrong variable has an incompatible type; when it has the same type as the intended argument, the call compiles cleanly. The weakness is therefore harder to detect where the called function accepts a variable number of arguments, such as format strings in C, and in loosely typed languages or environments. Determining whether the passed value is incorrect may require an understanding of the intended program behavior or design.
Potential Mitigations 1
Phase: Testing
Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the product. During testing, exercising all possible control paths will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results or when the provided argument is of a type very similar to the expected one.
Demonstrative Examples 1

ID : DX-64

In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.

Code Example:

Bad
Java

```java
// grant or deny access based on user roles
...
if (accessGranted(ADMIN_ROLES)) {   // wrong argument: the caller's user roles were intended
    ...
}
```
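The following is an added, self-contained C example written for this entry; it is not code from the CWE page or from any real product. It mirrors the Java scenario above (a privileged role set passed to the access check in place of the caller's roles), adds the variadic case from the Detection Methods entry (a format call given the wrong int), and includes the differential test the Potential Mitigations entry describes, which drives both control paths and exposes the bug. The role names, the helpers access_granted, execute_admin_action_buggy/fixed, audit_line_buggy/fixed and count_access_mismatches, and the sample users are all assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example for CWE-688. Not from the CWE page or any product;
 * all names and sample data below are assumptions. Build with -Wall -Wextra
 * to see the "unused parameter" warning mentioned in the comments. */

#define MAX_ROLES 4

/* Privileged role set the application compares against (constructed). */
static const char *const ADMIN_ROLES[MAX_ROLES] = { "admin", NULL, NULL, NULL };

/* True if the NULL-terminated role list contains a privileged role. */
static bool access_granted(const char *const roles[MAX_ROLES])
{
    for (size_t i = 0; i < MAX_ROLES && roles[i] != NULL; i++) {
        if (strcmp(roles[i], "admin") == 0)
            return true;
    }
    return false;
}

/* BUGGY: the static ADMIN_ROLES array is passed where the caller's
 * user_roles belongs. Both arguments have the same type, so the call
 * compiles cleanly; the only compile-time clue is the unused-parameter
 * warning for user_roles under -Wextra. Every caller becomes an admin.
 * Returns true if the privileged action was performed. */
static bool execute_admin_action_buggy(const char *const user_roles[MAX_ROLES])
{
    /* grant or deny access based on user roles */
    if (access_granted(ADMIN_ROLES))
        return true;
    return false;
}

/* FIXED: the check is evaluated against the roles of the actual caller. */
static bool execute_admin_action_fixed(const char *const user_roles[MAX_ROLES])
{
    if (access_granted(user_roles))
        return true;
    return false;
}

/* Variadic case: snprintf cannot tell which int the format was meant to
 * print. The audit line should record the acting uid, but gid is passed in
 * its place, so the log attributes the action to the wrong identity. */
static int audit_line_buggy(char *buf, size_t n, int uid, int gid)
{
    return snprintf(buf, n, "actor uid=%d gid=%d", gid, gid);
}

static int audit_line_fixed(char *buf, size_t n, int uid, int gid)
{
    return snprintf(buf, n, "actor uid=%d gid=%d", uid, gid);
}

/* Differential test: drive both control paths (privileged and unprivileged
 * caller, constructed sample users) through an implementation and count
 * outcomes that disagree with the expected result. The buggy version fails
 * on the unprivileged path; the fixed version returns zero mismatches. */
static int count_access_mismatches(bool (*impl)(const char *const[MAX_ROLES]))
{
    const char *const admin_user[MAX_ROLES] = { "admin", NULL, NULL, NULL };
    const char *const plain_user[MAX_ROLES] = { "viewer", NULL, NULL, NULL };
    int mismatches = 0;
    if (impl(admin_user) != true)
        mismatches++;
    if (impl(plain_user) != false)
        mismatches++;
    return mismatches;
}

int main(void)
{
    char buf[64];
    printf("buggy access check mismatches: %d\n",
           count_access_mismatches(execute_admin_action_buggy));
    printf("fixed access check mismatches: %d\n",
           count_access_mismatches(execute_admin_action_fixed));
    audit_line_buggy(buf, sizeof buf, 1000, 100);
    printf("buggy audit line: %s\n", buf);
    audit_line_fixed(buf, sizeof buf, 1000, 100);
    printf("fixed audit line: %s\n", buf);
    return 0;
}
```

The access check is the realistic case: a type-based check is silent because ADMIN_ROLES and user_roles have identical types, and only a test that runs the unprivileged path notices that it is granted access. The unused-parameter warning is worth treating as a hard error in review for security-relevant functions, since it is frequently the first visible symptom of this weakness.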

Observed Examples 1
CVE-2005-2548: Kernel code specifies the wrong variable in the first argument, leading to a resultant NULL pointer dereference.
Applicable Platforms
Languages:
C: Undetermined
Perl: Undetermined
Modes of Introduction
Implementation