In C99, undefined behavior can result when control reaches the end of a non-void function, and the value of the function call is used. This is almost always a programming error, and can lead to unexpected behavior.
Noncompliant Code Example
In this noncompliant code example, control reaches the end of the checkpass function when the two strings passed to strcmp are not equal. This leads to undefined behavior, and various compilers generate code equivalent to the checkpass function returning various values when no return statement is reached.
int checkpass(char *password) {
if (strcmp(password, "pass") == 0) {
return 1;
}
}
/* ... */
if (checkpass(userinput)) {
printf("Success!\n");
}
Implementation Details
This error can often be detected through the analysis of compiler warnings. For example, when this code is compiled with -Wall on most versions of the GCC compiler,
#include <stdio.h>
int main(void) {
printf("test\n");
}
the following warning will be generated
example.c: In function âmainâ: example.c:5: warning: control reaches end of non-void function
Compliant Solution
This compliant solution ensures that control never reaches the end of the checkpass function.
int checkpass(char *password) {
if (strcmp(password, "pass") == 0) {
return 1;
}
return 0;
}
/* ... */
if (checkpass(userinput)) {
printf("Success!\n");
}
Risk Assessment
Using the return value from a non-void function where control reaches the end of the function can lead to unexpected program behavior, and possibly abnormal program termination.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSC37-C |
medium |
unlikely |
low |
P6 |
L2 |
References
[[ISO/IEC 9899:1999]] Section 6.9.1, "Function definitions"