The presence of unused values may indicate significant logic errors. To prevent such errors unused values should be identified and removed from code.
Non-Compliant Code Example
In this example, p2 is assigned the value returned by bar(), but that value is never used. Note this example assumes that foo() and bar() return valid pointers in compliance with [[DCL30-C]].
int *p1, *p2;
p1 = foo();
p2 = bar();
if(baz())
return p1;
else
p2 = p1;
return p2;
Note this example assumes that the results of foo() and bar() are valid DCL30-C.
Compliant Solution
This example can be corrected many different ways depending on the intent of the programmer. In this compliant solution, p2 is initialized to NULL rather than the result of bar().
int *p1, *p2;
p1 = foo();
p2 = NULL;
if(baz())
return p1;
else
p2 = p1;
return p2;
Risk Assessment
The presence of unused values may indicate significant logic errors.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSC13-A |
1 (low) |
1 (unlikely) |
2 (medium) |
P2 |
L3 |
Automated Detection
The Coverity Prevent UNUSED_VALUE checker finds variables that are assigned pointer values returned from a function call but never used.. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERTwebsite.
References
*Coverity 07 Section 6.1.20, "UNUSED_VALUE"
References
Coverity 07 Coverity Prevent? User's Manual (3.3.0) (2007).