Versions Compared

Comment: Updated references from C11->C23

...

example.c: In function 'getlen':
example.c:12: warning: control reaches end of non-void function

...

MSC37-C-EX1: According to the C Standard, 5.1.2.3.4, paragraph 1 [ISO/IEC 9899:2024], "Reaching the } that terminates the main function returns a value of 0." As a result, it is permissible for control to reach the end of the main() function without executing a return statement.

...

Using the return value from a non-void function where control reaches the end of the function without evaluating a return statement can lead to buffer overflow vulnerabilities as well as other unexpected program behaviors.
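The following added example (not code from the original page) shows how a missing return turns into an out-of-bounds write and how to close the path. The signature of getlen is an assumption, since the page shows only its name in the compiler warning; getlen_checked and terminate_at are hypothetical helpers.

```c
#include <stddef.h>

#if 0 /* Noncompliant (constructed): no return when delim is absent. */
size_t getlen(const int *input, size_t maxlen, int delim) {
  for (size_t i = 0; i < maxlen; ++i) {
    if (input[i] == delim) {
      return i;
    }
  }
  /* Control reaches the closing brace here. A caller that uses the
     result as an index (data[getlen(...)] = 0) has undefined behavior
     and may write outside the buffer. */
}
#endif

/* Compliant: every exit path returns a value. "Not found" is reported
   through the status code, so no index is ever produced for that case. */
int getlen_checked(const int *input, size_t maxlen, int delim,
                   size_t *result) {
  if (input == NULL || result == NULL) {
    return -1;
  }
  for (size_t i = 0; i < maxlen; ++i) {
    if (input[i] == delim) {
      *result = i;
      return 0;
    }
  }
  return -1;
}

/* Caller: overwrite the delimiter with 0, but only after a successful
   lookup, so the write index is always less than n. */
int terminate_at(int *data, size_t n, int delim) {
  size_t i;
  if (getlen_checked(data, n, delim, &i) != 0) {
    return -1; /* delimiter absent: buffer left untouched */
  }
  data[i] = 0;
  return 0;
}

int main(void) {
  int data[4] = {7, 8, 9, 10}; /* constructed sample input */
  return terminate_at(data, 4, 9) == 0 && data[2] == 0 ? 0 : 1;
}
```

Building with GCC or Clang and -Werror=return-type turns the warning shown above into a build failure, so the noncompliant form cannot ship unnoticed.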

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC37-C | High | Unlikely | Low | P9 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | return-implicit | Fully checked |
| Axivion Bauhaus Suite | | CertC-MSC37 | |
| CodeSonar | | LANG.STRUCT.MRS | Missing return statement |
| Coverity | | MISSING_RETURN | Implemented |
| Cppcheck | | missingReturn | Fully implemented |
| Cppcheck Premium | | missingReturn | Fully implemented |
| Helix QAC | | C++4022, DF2888 | |
| Klocwork | | FUNCRET.GEN, FUNCRET.IMPLICIT | |
| LDRA tool suite | | 2 D, 36 S, 66 S | Fully implemented |
| Parasoft C/C++test | 9.5 | MISRA2012-RULE-17_4 / CERT_C-MSC37-a | All exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression |
| PC-lint Plus | | 533 | Fully supported / Fully implemented |
| Polyspace Bug Finder | R2016a | Missing return statement / CERT C: Rule MSC37-C | Function does not return value though return type is not void / Checks for missing return statement (rule fully covered) |
| RuleChecker | | return-implicit | Fully checked |
| PRQA QA-C | | 2888 | |
| SonarQube C/C++ Plugin | | S935 | |
| ... | | | |
| TrustInSoft Analyzer | | Body of function falls-through | Exhaustively verified. |

Related Guidelines

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | MSC01-C. Strive for logical completeness | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-758 | 2017-07-07: CERT: Rule subset of CWE |

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-758 and MSC37-C

Independent( INT34-C, INT36-C, MEM30-C, MSC37-C, FLP32-C, EXP33-C, EXP30-C, ERR34-C, ARR32-C)

CWE-758 = Union( MSC37-C, list) where list =

Undefined behavior that results from anything other than failing to return a value from a function that expects one

Bibliography

[ISO/IEC 9899:2024] 5.1.2.3.4, "Program Termination"

...

