CWE-686 – Function Call With Incorrect Argument Type

Read Time:44 Second

Description

The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-628

 

Consequences

Other: Quality Degradation

 

Potential Mitigations

Phase: Testing

Description: 

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

CVE References