...
| Wiki Markup |
|---|
*MSC00-EX1:* Compilers can produce diagnostic messages for correct code. This is permitted by C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\], which allows a compiler to produce a diagnostic for any reason. It is usually preferable to rewrite code to eliminate compiler warnings, but if the code is correct it is sufficient to provide a comment explaining why the warning message does not apply. Some compilercompilers provide ways to suppress warnings, for example, suitably-formatted comments or pragmas, which can be used sparingly when the programmer understands the implications of the warning but has good reason to use the flagged construct anyway. |
Do not simply quiet warnings, for example, by adding typecasts. Instead, understand the reason for the warning and to consider a better approach, for example, use matching types . Use type casts sparingly, and only when there is no sensible alternativeand avoid typecasts whenever possible.
Risk Assessment
Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.
...