The presence of unused values may indicate significant logic errors. To prevent such errors unused values should be identified and removed from code.
In this example, {{p2}} is assigned the value returned by {{bar()}}, but that value is never used. Note this example assumes that {{foo()}} and {{bar()}} return valid pointers \[[DCL30-C. Do not refer to an object outside of its lifetime]\]. |
int *p1, *p2;
p1 = foo();
p2 = bar();
if (baz())
return p1;
else
p2 = p1;
return p2;
|
This example can be corrected many different ways depending on the intent of the programmer. In this compliant solution, p2 is initialized to NULL rather than the result of bar(). The call to bar() can be removed if bar() does not produce any side-effects.
int *p1 = foo();
int *p2 = NULL;
bar(); /* Removable if bar() does not produce any side-effects */
if (baz()) {
return p1;
}
else {
p2 = p1;
}
return p2;
|
The presence of unused values may indicate significant logic errors.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSC13-A |
1 (low) |
1 (unlikely) |
2 (medium) |
P2 |
L3 |
The Coverity Prevent UNUSED_VALUE checker finds variables that are assigned pointer values returned from a function call but never used. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Coverity 07 Coverity Prevent? User's Manual (3.3.0) (2007).