FUNCRET.GEN

Non-void function doesn't return value

The FUNCRET.GEN checker finds paths in non-void functions that don't have a return statement.

Vulnerability and risk

This situation leaves the returned value uninitialized, so design intent isn't accomplished.

Vulnerable code example

Copy

1
2
3
4
5
6
7
8
9
10
11
 #include <stdio.h>
 int string_len()
 {
       //...
 }

 int main()
 {
        string_len();
       return 0;
 }

Klocwork flags line 5, indicating that the 'int' function has no return. In contrast, the 'main' function with its return statement in line 10 is not flagged.

External guidance

CERT MSC37-C: Ensure that control never reaches the end of a non-void function