SEMICOL

Suspiciously placed semicolon

The SEMICOL checker finds instances of misplaced semicolons. The parser may not recognize a misplaced semicolon in some situations, so Klocwork flags a semicolon on the same line as an if, for or while statement.

Vulnerability and risk

The misplaced semicolon is typically caused by programmer error, and can result in unexpected program behavior.

Vulnerable code example

1
2
3
4
5
6
  void foo(){
    for (i=0;i<10;i++);
    {
      do_this();
    }
  }

Klocwork flags line 2 for its suspiciously placed semicolon.

External guidance

• CERT EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
• CWE-480: Use of Incorrect Operator

Security training

Application security training materials provided by Secure Code Warrior.

• Business Logic Training Video - Test your skills with a training example