If control reaches the closing curly brace (}) of a non-void nonvoid function without evaluating a return statement, using the return value of the function call causes undefined behavior. See undefined behavior 88 in Annex J, subclause J .2 of the C Standard [ISO/IEC 9899:2011].
This rule is related to MSC01-C. Strive for logical completeness because both practices are intended to ensure that programs properly handle all possible conditions.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
int getlen(const int *input, size_t maxlen, int delim, size size_t *result) { for (size_t i = 0; i < maxlen; ++i) { if (input[i] == delim) { if (result != NULL) { *result = i; } return 0; } } return -1; } void func(int userdata) { size_t i; int data[] = {1, 1, 1}; if (getlen(data, sizeof(data), 0, &i) != 0) { /* Handle error. */ } else { data[i] = userdata; } } |
...
MSC37-EX1: According to the C standardStandard, subclause 5.1.2.2.3, paragraph 1 [ISO/IEC 9899:2011],
Reaching ...; reaching the
}that terminates the main function returns a value of 0.
...
Using the return value from a non-void nonvoid function where control reaches the end of the function can lead to a buffer overflow vulnerability as well as other unexpected program behaviors.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC37-C | highHigh | unlikelyUnlikely | lowLow | P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| [ISO/IEC 9899:2011] | Annex J, subclause JSubclause 5.1.2.2.3, "Undefined behaviorProgram Termination" |
...