In the C programming language, when you want to declare a function without parameters, you write its signature like this:
int foo(void);
When you want to declare a function with unspecified parameters, its signature looks like this:
int foo();
In this case, it is possible to call the function from another file with parameters chosen by the programmer:
int c = foo(5, 6);
In the upcoming C23 standard, it has been decided that a function signature without parameters will be equivalent to one with void:
int foo();
will be equivalent to
int foo(void);
I was wondering which kinds of programming or security issues this change could prevent. (My professor said so, but I couldn't think of any.) What's the big deal if a function isn't expecting parameters and I send it one parameter? From what I know, parameters are saved below saved_ebp or stack.