Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.

According to C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.1.1.3:

A conforming implementation shall produce at least one diagnostic message (identified in an implementation-defined manner) if a preprocessing translation unit or translation unit contains a violation of any syntax rule or constraint, even if the behavior is also explicitly specified as undefined or implementation-defined. Diagnostic messages need not be produced in other circumstances.

Assuming a conforming implementation, eliminating diagnostic messages will eliminate any violation of syntax rules or other constraints.

Exceptions

Compilers can produce diagnostic messages for correct code. This is permitted by C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\], which allows a compiler to produce a diagnostic for any reason.  It is usually preferable to rewrite code to eliminate compiler warnings, but if the code is correct it is sufficient to provide a comment explaining why the warning message does not apply.

Risk Assessment

Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC00-A

3 (high)

2 (probable)

1 (high)

P6

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.1.1.3, "Diagnostics"
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 563|http://cwe.mitre.org/data/definitions/563.html], "Unused Variable"; [CWE ID 570|http://cwe.mitre.org/data/definitions/570.html], "Expression is Always False"; [CWE ID 571|http://cwe.mitre.org/data/definitions/571.html], "Expression is Always True"
\[[Sutter 05|AA. C References#Sutter 05]\] Item 1
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 8, "Recommended Practices"

14. Miscellaneous (MSC)      14. Miscellaneous (MSC)       MSC01-A. Strive for logical completeness