13.4. Using Variable Arguments Properly


You need a way to protect a function that accepts a variable number of arguments from reading more arguments than were passed to the function.


Our solution for dealing with a variable number of arguments is actually two solutions. The interface for both solutions is identical, however. Instead of calling va_arg( ), you should call spc_next_varg( ) , listed later in this section. Note, however, that the signature for the two functions is different. The code:

my_int_arg = va_arg(ap, int);


spc_next_varg(ap, int, my_int_arg);

The biggest difference from using variable argument functions is how you need to make the calls when using this solution. If you can guarantee that your code will be compiled only by GCC and will always be running on an x86 processor (or another processor to which you can port the first solution), you can make calls to the function using spc_next_varg( ) in the normal way. Otherwise, you will need to use the VARARG_CALL_x macros, where x is the number of arguments that you will be passing to the function, including both fixed and variable.

#include <stdarg.h> #include <stdio.h> #if defined(_ _GNUC_ _) && defined(i386) /* NOTE: This is valid only using GCC on an x86 machine */ #define spc_next_varg(ap, type, var) \ do { \ unsigned int _ _frame; \ _ _frame = *(unsigned int *)_ _builtin_frame_address(0); \ if ((unsigned int)(ap) = = _ _frame - 16) { \ fprintf(stderr, "spc_next_varg( ) called too many times!\n"); ...

Get Secure Programming Cookbook for C and C++ now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.