CWARN.NULLCHECK.FUNCNAME

Ineffective function address check

The CWARN.NULLCHECK.FUNCNAME checker finds instances in which a function address is directly compared to 0.

Vulnerability and risk

The address of a function is never 0, so comparing a function name with 0 always yields the same result: always true or always false, depending on the operator. The comparison therefore has no effect, and the code probably does not do what its author intended.

Vulnerable code example

1  void foo() {
2  }
3  
4  void bar() {
5    if (foo != 0)  
6      return;
7  }

Klocwork flags line 5, in which the function name foo is being compared to 0.
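
The following is an added example, not part of the Klocwork documentation. It shows one way this defect arises (missing call parentheses on a check function) next to the corrected form, plus a function pointer variable where a null check is meaningful. The names is_authorized, grant_buggy, grant_fixed, grant_with_hook and the uid policy are hypothetical.

```c
#include <stddef.h>

typedef int (*auth_fn)(int uid);

/* Hypothetical policy used for illustration: only uid 0 is authorized. */
int is_authorized(int uid) { return uid == 0; }

/* Flagged pattern: the call parentheses are missing, so the address of
 * is_authorized is compared to 0. That address is never null, the
 * condition is always true, and every uid is granted access.
 * GCC and Clang report this under -Waddress; the pragma below only
 * keeps this demonstration building when warnings are errors. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
int grant_buggy(int uid) {
    (void)uid;                    /* uid is never consulted: that is the bug */
    if (is_authorized != 0)
        return 1;
    return 0;
}
#pragma GCC diagnostic pop

/* Intended logic: call the function and test its return value. */
int grant_fixed(int uid) {
    if (is_authorized(uid) != 0)
        return 1;
    return 0;
}

/* A null check is meaningful for a function pointer variable, which can
 * hold NULL (for example, an optional callback that was never set). */
int grant_with_hook(auth_fn hook, int uid) {
    if (hook == NULL)
        return 0;                 /* fail closed when no hook is installed */
    return hook(uid) != 0;
}

int main(void) {
    /* uid 1000 must be denied; only the buggy version lets it through. */
    return (grant_buggy(1000) == 1 && grant_fixed(1000) == 0 &&
            grant_with_hook(NULL, 0) == 0) ? 0 : 1;
}
```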
