Comparing a function pointer to a value that is not a null function pointer of the same type will be diagnosed because it typically indicates programmer error and can result in unexpected behavior. Implicit comparisons will be diagnosed, as well.
...
In this noncompliant code example, the addresses of the POSIX functions getuid and geteuid are compared for equality to 0. Because no function address shall be null, the first subexpression will always evaluate to false (zero0), and the second subexpression always to true (nonzero). Consequently, the entire expression will always evaluate to true, leading to a potential security vulnerability.
...
In this noncompliant code example, the function pointers getuid and geteuid are compared to 0. This noncompliant code example is from an actual vulnerability (VU#837857) discovered in some versions of the X Window System server. The vulnerability exists because the programmer neglected to provide the open and close parentheses following the geteuid() function identifier. As a result, the geteuid token returns the address of the function, which is never equal to zero0. Consequently, the or condition of this if statement is always true, and access is provided to the protected block for all users. Many compilers issue a warning noting such pointless expressions. Therefore, this coding error is normally detected by adherence to MSC00-C. Compile cleanly at high warning levels.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of | |||||||
| GCC |
| Can detect violations of this recommendation when the | |||||||
| EFFECT | ||||||||
|
...