SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

MSCXX-A. Detect and remove code that has no effect

Code that does not perform any action, or has an unintended effect can result in unexpected behavior and vulnerabilities. Statements or expressions that have no effect should be identified and removed from code.

Non-Compliant Code Example 1

In this example, a is compared with b. The comparison of a against b has no effect. 

int a;
a == b;
/* ... */

This is likely a case of the programmer mistakenly using the equals operator == instead of the assignment operator =.

Compliant Solution 1

The assignment of b to a is now properly performed. 

int a;
a = b;
/* ... */

Non-Compliant Code Example 2

In this example, p is incremented and then dereferenced, However, *p in this example has no effect.

int *p;
*p++;

Compliant Solution 2

Dereferencing p has no effect and should not be dereferenced.

int *p;
p++;

Risk Assessment

The presence of code that has no effect could indicate logic errors that may result in unexpected behavior and vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSCXX-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

Automated Detection

The Coverity Prevent NO_EFFECT checker finds statements or expressions that do not accomplish anything, or statements that perform an unintended action. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERTwebsite.

References

*Coverity 07 Section 6.1.9, "NO_EFFECT"

  • No labels