...
Remediation of dead code requires the programmer to determine why the code is never executed and then to resolve the situation appropriately. To correct the preceding noncompliant code, the return is removed from the body of the first conditional statement.
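An added illustration of this remediation, not the guideline's own listing: a function whose early `return` inside the first conditional leaves the later cleanup branch dead, next to the version with that `return` removed. The function names and the `live_buffers` counter are hypothetical, constructed so the effect can be checked.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed bookkeeping so the effect of the dead branch is observable. */
static int live_buffers = 0;

static char *buf_alloc(size_t n) {
    char *p = malloc(n);
    if (p != NULL) live_buffers++;
    return p;
}

static void buf_free(char *p) {
    if (p != NULL) { free(p); live_buffers--; }
}

/* Noncompliant: the return in the first conditional means control only
 * reaches the cleanup test with s == NULL, so its body is dead code. */
int process_noncompliant(int condition) {
    char *s = NULL;
    if (condition) {
        s = buf_alloc(10);
        if (s == NULL) return -1;   /* allocation failure */
        strcpy(s, "payload");       /* process s */
        return 0;                   /* leaves with s still allocated */
    }
    /* code that does not touch s */
    if (s) {                        /* never true here: dead code */
        buf_free(s);
    }
    return 0;
}

/* Compliant: the return is removed, so both paths reach the cleanup. */
int process_compliant(int condition) {
    char *s = NULL;
    if (condition) {
        s = buf_alloc(10);
        if (s == NULL) return -1;
        strcpy(s, "payload");
    }
    /* code that does not touch s */
    if (s) {
        buf_free(s);
    }
    return 0;
}

/* Helper: number of buffers still allocated after one call. */
int live_after(int (*fn)(int), int condition) {
    live_buffers = 0;
    fn(condition);
    return live_buffers;
}
```

Here the dead branch is a symptom of a logic error: the unreachable cleanup means the noncompliant version leaks its buffer on every call with a nonzero `condition`.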
...
MSC07-EX1: In some situations, dead code may make software resilient to future changes. An example of this is adding a default case to a switch statement even when all possible switch labels are specified. (See guideline recommendation MSC01-C. Strive for logical completeness.)
MSC07-EX2: It is also permissible to temporarily remove code that may be needed later. (See guideline recommendation MSC04-C. Use comments consistently and in a readable fashion for an illustration.)
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: MSC07-CPP. Detect and remove dead code
ISO/IEC TR 24772 "BRS Leveraging human experience," "BVQ Unspecified Functionality," and "XYQ Dead and Deactivated Code"
MISRA Rule 2.4
MITRE CWE: CWE-561, "Dead Code"
...