...
Do not simply quiet warnings by adding type casts or other means. Instead, understand the reason for the warning and consider a better approach, such as using matching types and avoiding type casts whenever possible.
Noncompliant Code Example (Windows)
Using the `default` warning specifier with `#pragma warning` resets the behavior of a warning to its default value, which may not be the same as its previous behavior. Programmers commonly, but incorrectly, use the `default` warning specifier to restore previous warning messages after a message is temporarily disabled.
```c
#pragma warning(disable:4705)
#pragma warning(disable:4706)
#pragma warning(disable:4707)
/* Unnecessarily flagged code */
#pragma warning(default:4705)
#pragma warning(default:4706)
#pragma warning(default:4707)
```
Compliant Solution (Windows)
Instead of using the `default` warning specifier, the current state of the warnings should be saved and then restored after the unnecessarily flagged code.
```c
#pragma warning(push)
#pragma warning(disable:4705)
#pragma warning(disable:4706)
#pragma warning(disable:4707)
/* Unnecessarily flagged code */
#pragma warning(pop)
```
The pragma `warning(push)` stores the current warning state for every warning. The pragma `warning(pop)` pops the last warning state pushed onto the stack. Any changes made to the warning state between the push and pop are undone.
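A check for the noncompliant restore pattern, as an added example that is not part of the original guideline: the Python function below (its name and regular expression are this example's own) scans source text and reports each `default:` that undoes an earlier `disable:`. It assumes one specifier per pragma, so the semicolon-separated multi-specifier form is not parsed.

```python
import re

# Handles the pragma forms used on this page: push (with optional level), pop,
# and a single disable/default specifier followed by one or more numbers.
PRAGMA = re.compile(
    r"\s*#\s*pragma\s+warning\s*\(\s*(push|pop|disable|default)\s*"
    r"(?::\s*([\d\s]+))?(?:,\s*\d+\s*)?\)")

def find_default_restores(source):
    """Return (line, warning) pairs where default: undoes an earlier disable:."""
    disabled = set()  # warnings this file has disabled and not yet undone
    saved = []        # snapshots of `disabled`, one per warning(push)
    findings = []
    for lineno, text in enumerate(source.splitlines(), 1):
        m = PRAGMA.match(text)
        if not m:
            continue
        action = m.group(1)
        numbers = [int(n) for n in (m.group(2) or "").split()]
        if action == "push":
            saved.append(set(disabled))
        elif action == "pop":
            if saved:
                disabled = saved.pop()
        elif action == "disable":
            disabled.update(numbers)
        else:  # default: resets to the compiler default, not the prior state
            for n in numbers:
                if n in disabled:
                    findings.append((lineno, n))
                    disabled.discard(n)
    return findings

# The page's two snippets, rebuilt as input strings.
DISABLE = "".join(f"#pragma warning(disable:{n})\n" for n in (4705, 4706, 4707))
FLAGGED = "/* Unnecessarily flagged code */\n"
NONCOMPLIANT = DISABLE + FLAGGED + "".join(
    f"#pragma warning(default:{n})\n" for n in (4705, 4706, 4707))
COMPLIANT = "#pragma warning(push)\n" + DISABLE + FLAGGED + "#pragma warning(pop)\n"

if __name__ == "__main__":
    for name, src in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT)):
        for lineno, n in find_default_restores(src):
            print(f"{name}:{lineno}: C{n} restored with default; use push/pop")
```

A `default:` for a warning the file never disabled is not reported, because it is not being used as a restore.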
Risk Assessment
Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.
...
[ISO/IEC 9899:2011] | Section 5.1.1.3, "Diagnostics" |
[Seacord 2013] | Chapter 9, "Recommended Practices" |
[Sutter 2005] | Item 1 |
...