Versions Compared

Old Version 29

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A value-returning function must return a value from all code paths; otherwise, it will result in undefined behavior. This includes returning through less-common code paths, such as from a function-try-block, as explained in the C++ Standard, [except.handle], paragraph 15:

...

MSC54-CPP-EX2: It is permissible for a control path to not return a value if that code path is never expected to be taken and a function marked [[noreturn]] is called as part of that code path or if an exception is thrown, as is illustrated in the following code example:.

Code Block
bgColor#ccccff
langcpp
#include <cstdlib>
#include <iostream>
[[noreturn]] void unreachable(const char *msg) {
  std::cout << "Unreachable code reached: " << msg << std::endl;
  std::exit(1);
}

enum E {
  One,
  Two,
  Three
};

int f(E e) {
  switch (e) {
  case One: return 1;
  case Two: return 2;
  case Three: return 3;
  }
  unreachable("Can never get here");
}

...

Failing to return a value from a code path in a value-returning function results in undefined behavior that might be exploited to cause data integrity violations.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

MSC52-CPP

Medium

Probable

Yes

Medium

No

P8

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

return-implicit
Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-MSC52
Clang
Include Page
Clang_V
Clang_V
-Wreturn-typeDoes not catch all instances of this rule, such as function-try-blocks
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.MRS
LANG.STRUCT.NVNR

Missing return statement
Non-void noreturn,
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF2888
Klocwork
Include Page
Klocwork_V
Klocwork_V

FUNCRET.GEN

FUNCRET.IMPLICIT


LDRA tool suite
Include Page
LDRA_V
LDRA_V

2 D, 36 S

Fully implemented

Parasoft C/C++test
9.5JSF-114 
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-MSC52-a

All exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: MSC52-CPPChecks for missing return statements (rule partially covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V591
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
return-implicit
Fully checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

RTOS_09
RTOS_10
RTOS_11
RTOS_12		Fully implemented
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S935
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[ISO/IEC 14882-2014]

Subclause 3.6.1, "Main Function"
Subclause 6.6.3, "The return Statement"
Subclause 15.3, "Handling an Exception"

...


...

Image Modified Image Modified Image Modified