CWARN.NULLCHECK.FUNCNAME

Ineffective function address check

The CWARN.NULLCHECK.FUNCNAME checker finds instances in which a function address is directly compared to 0.

Vulnerability and risk

Function addresses never equal 0, so comparing them with 0 is either always false or always true. Such comparisons have no effect, so it's probable that design intent isn't being accomplished.

Vulnerable code example

1
2
3
4
5
6
7
  void foo() {
  }
  
  void bar() {
    if (foo != 0)  
      return;
  }

Klocwork flags line 5, in which the function name foo is being compared to 0.

External guidance

• CERT EXP16-C: Do not compare function pointers to constant values
• CERT MSC12-C: Detect and remove code that has no effect or is never executed
• CWE-480: Use of Incorrect Operator

Security training

Application security training materials provided by Secure Code Warrior.

• Business Logic Training Video - Test your skills with a training example