UNUSED.FUNC.WARN
Potential unused function definition
Potential unused function.
Vulnerability and risk
A defined but unused function can have several implications. It can cause development confusion, such as calling the wrong one of two functions with similar names. In rare cases, the unused function may also find its way into the final executable, where it can contribute to other vulnerabilities. If a function is genuinely unused, it should be removed from the translation unit. Conversely, if a function is meant to be called from other translation units (a non-static function, for example a custom library function), it should have a declaration in a header file. Otherwise, it should be defined as a static function and called somewhere within the current translation unit.
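The following is an added example, not code from the Klocwork documentation, showing the alternative fix the paragraph describes: a helper that is only needed inside one translation unit is given internal linkage with static and is actually called, so it needs no header declaration. The function names and the sample input are illustrative.

```c
/* Added example; not part of the Klocwork documentation. It shows a helper kept
   internal to the translation unit (static and used) beside the external-linkage
   function that would need a header declaration. Names are illustrative. */
#include <stddef.h>

/* Internal linkage: no header declaration is needed. Because the helper is
   static, the compiler itself can report it if it ever becomes dead
   (gcc/clang -Wunused-function); it cannot do that for a non-static function,
   whose callers might live in another file. */
static int is_control_char(unsigned char c) {
    return c < 0x20 || c == 0x7f;
}

/* External linkage: if any other file calls this, it must be declared in a
   header (the role lib.h plays in the page's example). */
size_t count_control_chars(const char *s) {
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (is_control_char((unsigned char)*s)) {
            n++;
        }
    }
    return n;
}

int main(void) {
    /* Constructed sample input: a log line carrying an ESC byte and a newline. */
    const char *sample = "user=alice\x1b[31m\nstatus=ok";
    return count_control_chars(sample) == 2 ? 0 : 1;
}
```

The compiler can back up the checker here: gcc and clang report dead static functions with -Wunused-function, and -Wmissing-prototypes flags non-static functions defined without a prior declaration, which is exactly the situation in the page's first vulnerable example.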
Vulnerable code example 1
File: lib.h
void used();
File: driver.c
#include "lib.h"
void used() {
}
void unused() { //A non-static function without any declaration in a header file
}
int main() {
used();
return 0;
}
The function "unused()" is neither called nor declared in the file "lib.h". It is still possible to call "unused()" from other translation units through an "extern" declaration, in which case the file "lib.h" should contain a corresponding declaration. Klocwork produces UNUSED.FUNC.WARN on line 5 of the driver.c file.
Fixed code example 1
File: lib.h
void used();
void unused();
File: driver.c
#include "lib.h"
void used() {
}
void unused() { //A non-static function, now declared in the header file lib.h
}
int main() {
used();
return 0;
}
In the listing above, it is assumed that the function "unused()" may be called from outside "driver.c", hence a declaration is added to the "lib.h" file.
Vulnerable code example 2
void foo(int x) {}
void foo(int x, int y) {}
int main() {
foo(0, 0);
return 0;
}
Above, the overloaded "foo(int)" is defined but never used within the current translation unit. Klocwork produces UNUSED.FUNC.WARN on line 1.
Fixed code example 2
void foo(int x, int y) {}
int main() {
foo(0, 0);
return 0;
}
The unused function is removed.