CERT.MULTI.FUNC.ARG.CALLS

Do not depend on the order of evaluation of subexpressions or the order in which side effects take place.

Vulnerability and risk

Multiple function call arguments in called function. The order of execution is not guaranteed and can introduce unexpected results if functions contain side effects.

Vulnerable code example

<![CDATA[ int val; int procsssA() { // ... return val++; } int procsssB() { // ... return val++; } void process(int a, int b); void handler() { process(procsssA(), procsssB()); } ]]>

Values provided to process() are dependent on order of evaluation

External guidance

CERT EXP10-C: Do not depend on the order of evaluation of subexpressions or the order in which side effects take place