...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
CVE-2014-1266 results from a violation of this rule. There is a spurious "goto fail" statement on line 631 of sslKeyExchange.c. This "goto" gets executed unconditionally, even though it is indented as if it were part of the preceding "if" statement. As a result, the call to sslRawVerify (which performs the actual signature verification) is rendered dead code. [ImperialViolet 2014]
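The control flow described above, reduced to a minimal C sketch. This is an added example, not code from sslKeyExchange.c or from this page; `hash_update`, `raw_verify`, `verify_flawed`, `verify_fixed` and all sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a hash-update step: 0 means success. */
static int hash_update(const unsigned char *data, size_t len) {
    return (data != NULL && len > 0) ? 0 : -1;
}

/* Hypothetical stand-in for the signature check; accepts one constructed value. */
static int raw_verify(const unsigned char *sig, size_t len) {
    static const unsigned char good[] = { 0xde, 0xad, 0xbe, 0xef };
    return (len == sizeof good && memcmp(sig, good, len) == 0) ? 0 : -1;
}

/* Flawed: the second goto is not governed by the if, so it always runs. */
int verify_flawed(const unsigned char *p, size_t plen,
                  const unsigned char *sig, size_t slen) {
    int err;
    if ((err = hash_update(p, plen)) != 0)
        goto fail;
        goto fail;                /* taken unconditionally, with err == 0 */
    err = raw_verify(sig, slen);  /* dead code: the signature is never checked */
fail:
    return err;
}

/* Fixed: duplicate removed and the branch braced, so the check is reachable. */
int verify_fixed(const unsigned char *p, size_t plen,
                 const unsigned char *sig, size_t slen) {
    int err;
    if ((err = hash_update(p, plen)) != 0) {
        goto fail;
    }
    err = raw_verify(sig, slen);
fail:
    return err;
}

int main(void) {
    const unsigned char params[] = { 1, 2, 3 };     /* constructed input */
    const unsigned char forged[] = { 0, 0, 0, 0 };  /* constructed bad signature */
    printf("flawed accepts forged signature: %s\n",
           verify_flawed(params, sizeof params, forged, sizeof forged) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:  %s\n",
           verify_fixed(params, sizeof params, forged, sizeof forged) == 0 ? "yes" : "no");
    return 0;
}
```

GCC's `-Wmisleading-indentation` (part of `-Wall` since GCC 6) and Clang's `-Wunreachable-code` both flag the flawed function at compile time.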
Related Guidelines
CERT C++ Secure Coding Standard | MSC07-CPP. Detect and remove dead code |
ISO/IEC TR 24772 | Unspecified functionality [BVQ]; Dead and deactivated code [XYQ] |
MISRA C:2012 | Directive 4.4 (advisory) |
MITRE CWE | CWE-561, Dead code |
...