Non-void function implicitly returning int doesn't return value

The FUNCRET.IMPLICIT checker finds paths through implicitly 'int' functions that end without a return statement.

Vulnerability and risk

A function declared without an explicit return type is implicitly 'int' and should return an integer value. If a caller reads the return code on a path that has no return statement, the value it reads is uninitialized.

Vulnerable code example

  foo(char ** param){
    char * x = malloc(1);
  }

Klocwork flags line 5, indicating that the implicitly 'int' function 'foo' has no return statement.
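
A corrected form of the pattern above, as an added example that is not part of the original page or of Klocwork's documentation: the function gets an explicit 'int' return type and every path ends in a return statement, so a caller can branch on the result. The names foo_fixed and use_foo, the status codes, and the choice to hand the allocation back through param are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Status codes assumed for this example; they are not from the page. */
enum { FOO_OK = 0, FOO_ENOMEM = -1, FOO_EINVAL = -2 };

/*
 * Explicit return type, and every path leaves through a return statement.
 * Assumption: the function hands its allocation back through param.
 */
int foo_fixed(char **param)
{
    char *x;

    if (param == NULL)
        return FOO_EINVAL;      /* bad argument: defined status */

    x = malloc(1);
    if (x == NULL) {
        *param = NULL;
        return FOO_ENOMEM;      /* allocation failure: defined status */
    }

    x[0] = '\0';
    *param = x;                 /* ownership passes to the caller */
    return FOO_OK;              /* success path also returns a value */
}

/* Caller that branches on the return code, which is now always defined. */
int use_foo(void)
{
    char *buf = NULL;
    int rc = foo_fixed(&buf);

    if (rc != FOO_OK)
        return rc;              /* nothing was allocated on failure */

    free(buf);
    return FOO_OK;
}

int main(void)
{
    printf("foo_fixed(NULL) -> %d\n", foo_fixed(NULL));
    printf("use_foo()       -> %d\n", use_foo());
    return 0;
}
```

Building with -Werror=implicit-int -Werror=return-type (GCC and Clang) rejects the original shape at compile time, before a static analysis run.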