Main Content

MISRA C:2023 Rule 17.1

The standard header file <stdarg.h> shall not be used

Since R2024a

Description

Rule Definition

The standard header file <stdarg.h> shall not be used.

Rationale

The rule forbids use of va_list, va_arg, va_start, va_end, and va_copy.

It is possible to use these features in ways where the behavior is not defined in the Standard. For instance:

  • You invoke va_start in a function but do not invoke the corresponding va_end before the function block ends.

  • You invoke va_arg in different functions on the same variable of type va_list.

  • va_arg has the syntax type va_arg (va_list ap, type).

    You invoke va_arg with a type that is incompatible with the actual type of the argument retrieved from ap.

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

#include<stdarg.h>                      /* Non-compliant */
void f2(int n, ...) {
    int i;
    double val;
    va_list vl;                         /* Non-compliant */

    va_start(vl, n);                    /* Non-compliant */

    for(i = 0; i < n; i++)
    {
        val = va_arg(vl, double);       /* Non-compliant */
    }

    va_end(vl);                         /* Non-compliant */
}

In this example, the rule is violated because va_start, va_list, va_arg and va_end are used.

#include <stdarg.h>                     /* Non-compliant */
void h(va_list ap) {                    /* Non-compliant */
    double y;

    y = va_arg(ap, double );            /* Non-compliant */
}

void g(unsigned short n, ...) {
    unsigned int x;
    va_list ap;                         /* Non-compliant */

    va_start(ap, n);                    /* Non-compliant */
    x = va_arg(ap, unsigned int);       /* Non-compliant */

    h(ap);

    /* Undefined - ap is indeterminate because va_arg used in h () */
    x = va_arg(ap, unsigned int);       /* Non-compliant */

}

void f(void) {
    /* undefined - uint32_t:double type mismatch when g uses va_arg () */
    g(1, 2.0, 3.0);
}

In this example, va_arg is used on the same variable ap of type va_list in both functions g and h. In g, the second argument is unsigned int and in h, the second argument is double. This type mismatch causes undefined behavior.

Check Information

Group: Function
Category: Required
AGC Category: Required

Version History

Introduced in R2024a