...
Using the return value from a non-void function where control reaches the end of the function without evaluating a return statement can lead to buffer overflow vulnerabilities as well as other unexpected program behaviors.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC37-C | High | Unlikely | Low | P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| return-implicit | Fully checked | ||||||
| CodeSonar |
| LANG.STRUCT.MRS | Missing return statement | ||||||
| Coverity |
| MISSING_RETURN | Implemented | ||||||
| Klocwork |
| FUNCRET.GEN MISRA.RETURN.NOT_LAST |
| LDRA tool suite |
| 2 D, 36 S, 66 S | Fully implemented | ||||||
| Parasoft C/C++test |
|
|
|
| MISRA2004- |
| 16_ |
| 8 | Fully implemented | |||||||
| Polyspace Bug Finder | R2016a | Missing return statement | Function does not return value though return type is not | |||||
| PRQA QA-C |
| 2888 |
| PRQA QA-C++ |
| 2888, 4022 |
| RuleChecker |
| return-implicit | Fully checked | ||||||
| SonarQube C/C++ Plugin |
| S935 |
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | MSC01-C. Strive for logical completeness | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-758 | 2017-07-07: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
...
Undefined behavior that results from anything other than failing to return a value from a function that expects one
Bibliography
| [ISO/IEC 9899:2011] | 5.1.2.2.3, "Program Termination" |
...
...