Code that does not perform any action, or that has an unintended effect, can result in unexpected behavior and vulnerabilities. Statements or expressions that have no effect should be identified and removed from code.
In this example, the comparison of a to b has no effect.

```c
int a;
int b;
/* ... */
a == b;  /* the comparison result is computed and then discarded */
```
This is likely a case of the programmer mistakenly using the equals operator == instead of the assignment operator =.
The assignment of b to a is now properly performed.

```c
int a;
int b;
/* ... */
a = b;  /* a now holds the value of b */
```
In this example, p is incremented and then dereferenced. However, the dereference *p has no effect: the value it reads is discarded.

```c
int *p;
/* ... */
*p++;  /* parsed as *(p++): p is incremented, the value read is thrown away */
```
Correcting this example depends on the intent of the programmer. For instance, if dereferencing p was done by accident, then p should not be dereferenced.

```c
int *p;
/* ... */
p++;  /* only the pointer is advanced */
```
If the intent was to increment the value referred to by p, then parentheses can be used to ensure that p is dereferenced and then incremented (see EXP00-A).

```c
int *p;
/* ... */
(*p)++;  /* the object p points to is incremented; p is unchanged */
```
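The five statements discussed above, placed side by side as an added example (this is not code from the CERT page): each function builds a small constructed array or pair of variables, executes one of the statements, and returns what is observable afterwards, so the no-effect forms can be compared directly with the forms the programmer most likely intended. The function names are ours.

```c
#include <stdio.h>

/* Added example, not code from the CERT page. Each function returns the state
 * observable after one of the statements discussed above. */

/* The -Wall diagnostics for the two deliberate no-effect statements below are
 * silenced only so this file also builds under -Werror; remove these two
 * pragma lines to see exactly what the compiler reports. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-value"

/* Noncompliant: a == b computes a result that nothing uses. */
int compare_has_no_effect(void) {
    int a = 1;
    int b = 2;
    a == b;          /* no effect: a still holds 1 */
    return a;        /* 1 */
}

/* Noncompliant: *p++ is *(p++); the pointer moves, the value read is discarded. */
int deref_has_no_effect(void) {
    int arr[3] = {10, 20, 30};
    int *p = arr;
    *p++;            /* arr[0] is read and thrown away; only p changes */
    return arr[0];   /* 10, unchanged */
}

#pragma GCC diagnostic pop

/* Compliant: the assignment the programmer most likely intended. */
int assign_value(void) {
    int a = 1;
    int b = 2;
    a = b;
    return a;        /* 2 */
}

/* Compliant when the intent was only to advance the pointer. */
int advance_pointer(void) {
    int arr[3] = {10, 20, 30};
    int *p = arr;
    p++;
    return (int)(p - arr);  /* 1: p now points at arr[1] */
}

/* Compliant when the intent was to increment the pointed-to object (EXP00-A). */
int increment_target(void) {
    int arr[3] = {10, 20, 30};
    int *p = arr;
    (*p)++;
    return arr[0];   /* 11 */
}

int main(void) {
    printf("a == b;  leaves a = %d\n", compare_has_no_effect());
    printf("a = b;   leaves a = %d\n", assign_value());
    printf("*p++;    leaves arr[0] = %d\n", deref_has_no_effect());
    printf("p++;     moves p to index %d\n", advance_pointer());
    printf("(*p)++;  leaves arr[0] = %d\n", increment_target());
    return 0;
}
```

With the two pragma lines removed, `gcc -Wall` flags both noncompliant statements under -Wunused-value ("statement with no effect" for `a == b;` and "value computed is not used" for `*p++;`); clang reports analogous diagnostics. Treating these warnings as build failures is the cheapest way to enforce this recommendation before a static analyzer such as the checker described below ever runs.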
The presence of code that has no effect could indicate logic errors that may result in unexpected behavior and vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC12-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
The Coverity Prevent NO_EFFECT checker finds statements or expressions that do not accomplish anything, or statements that perform an unintended action. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
[Coverity 07] Coverity Prevent User's Manual (3.3.0) (2007).