[metadata]
id = "EXP47-C"
type = "rule"
category = "EXP"
number = 47
title = "Do not call va_arg with an argument of the incorrect type"
description = """
The variable arguments passed to a variadic function are accessed by calling
theva_arg()macro. This macro accepts theva_listrepresenting the variable
arguments of the function invocation and the type denoting the expected argument
type for the argument being retrieved. The macro is typically invoked within a
loop, being called once for each expected argument. However, there are no type
safety guarantees that the type passed tova_argmatches the type passed by the
caller, and there are generally no compile-time checks that prevent the macro
from being invoked with no argument available to the function call. The C
Standard, 7.16.1.1, states [ISO/IEC 9899:2024], in part: Ensure that an
invocation of theva_arg()macro does not attempt to access an argument that was
not passed to the variadic function. Further, the type passed to
theva_arg()macro must match the type passed to the variadic function after
default argument promotions have been applied. Either circumstance results
inundefined behavior 141.
"""
severity = "Medium"
likelihood = "Likely"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
last_modified = "Aug 29, 2025"
[rules.cert_c.EXP47-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/EXP47-C.+Do+not+call+va_arg+with+an+argument+of+the+incorrect+type"