CWE-683

Variant Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Draft MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Function Call With Incorrect Order of Arguments

Description

The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.

Consequences

Other — Quality Degradation

Mitigations

Phase: Implementation

Use the function, procedure, or routine as specified.

Detection

Automated Analysis

Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the product.

Automated Analysis

Exercising all possible control paths will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results, or if the provided argument type is very similar to the expected argument type.