...
Compilers can produce diagnostic messages for correct code. This is permitted by C99, which allows a compiler to produce a diagnostic for any reason it chooses (Section 5.1.1.3). It is usually preferable to rewrite the code so that the warning disappears, but if the code is correct it is sufficient to add a comment explaining why the warning does not apply.
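As an added illustration (example code written for this page, not code from the original or from CERT), the following translation unit compiles cleanly under gcc with -std=c99 -Wall -Wextra. Each function is the rewritten form of a first draft that produced one common warning; the comments record the warning and why the rewrite (or, for the intentional fallthrough, a comment rather than a rewrite) was chosen. The function names and inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Counts how many bytes of buf[0..len) equal target.
 * The first draft used "int i" against the size_t len; -Wsign-compare
 * (enabled by -Wextra for C) reported a signed/unsigned comparison, so the
 * index is now size_t, which also removes the implicit conversion. */
static size_t count_byte(const unsigned char *buf, size_t len, unsigned char target) {
    size_t count = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == target) {
            count++;
        }
    }
    return count;
}

/* Returns the next non-space character at *cursor and advances the cursor past
 * it, or returns 0 at end of string. "while (c = *p)" is correct C, but
 * -Wparentheses (in -Wall) reports an assignment used as a truth value; the
 * explicit comparison compiles cleanly and states the intent. */
static int next_nonspace(const char **cursor) {
    const char *p = *cursor;
    int c;
    while ((c = (unsigned char)*p) != '\0' && c == ' ') {
        p++;
    }
    *cursor = (c != '\0') ? p + 1 : p;
    return c;
}

/* Parses an optional sign followed by decimal digits; stops at the first
 * non-digit. The '-' case sets the sign and then intentionally falls through
 * to the shared "skip the sign" step. The code is correct, so instead of
 * restructuring it the fallthrough is documented with a comment; gcc treats
 * this comment as suppression for -Wimplicit-fallthrough (enabled by -Wextra). */
static long parse_signed(const char *s) {
    long sign = 1;
    long value = 0;
    switch (*s) {
    case '-':
        sign = -1;
        /* fall through */
    case '+':
        s++;
        break;
    default:
        break;
    }
    while (*s >= '0' && *s <= '9') {
        value = value * 10 + (*s - '0');
        s++;
    }
    return sign * value;
}

/* A callback whose signature is fixed by its caller (hypothetical here); ctx is
 * not needed by this implementation. The cast to void documents that fact and
 * silences -Wunused-parameter (enabled by -Wall -Wextra). */
static int on_byte(unsigned char b, void *ctx) {
    (void)ctx; /* unused: required by the callback signature */
    return b == '\n';
}

int main(void) {
    const char *cur = "  x y";
    /* constructed sample inputs */
    printf("commas=%zu first=%c value=%ld newline=%d\n",
           count_byte((const unsigned char *)"a,b,,c", 6, ','),
           next_nonspace(&cur),
           parse_signed("-42"),
           on_byte('\n', NULL));
    return 0;
}
```

Two caveats a practitioner should know: the fallthrough comment is recognised by gcc, but clang's -Wimplicit-fallthrough only honours the fallthrough attribute (`__attribute__((fallthrough))`, or `[[fallthrough]]` in C23), so under clang the comment still documents the intent but does not silence the diagnostic. Second, adding -Werror to the build turns any new warning into a build failure, which is the easiest way to keep a code base at the warning level it has already reached.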
...
Risk Assessment
Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC00-A | 3 (high) | 2 (probable) | 2 (medium) | P12 | L1
References
- [Sutter 05] Item 1
- [ISO/IEC 9899-1999] Section 5.1.1.3, "Diagnostics"
- [Seacord 05] Chapter 8, "Recommended Practices"