sqc 0.4.13

Software Code Quality - CERT C compliance checker
# Rule descriptor for CERT C rule MSC37-C (a non-void function whose control
# flow can fall off the closing brace without a return). Read by the sqc
# compliance checker named in the page header; the exact meaning of each
# field is presumably defined by sqc's own schema — confirm there.
[metadata]
id = "MSC37-C"
type = "rule"
# CERT section code and rule number; in this file they are the two parts of `id`.
category = "MSC"
number = 37
title = "Ensure that control never reaches the end of a non-void function"
description = """
If control reaches the closing curly brace (}) of a non-void function without
evaluating a return statement, using the return value of the function call
is undefined behavior. (See undefined behavior 86.) In this noncompliant code
example, control reaches the end of the checkpass() function when the two strings
passed to strcmp() are not equal, resulting in undefined behavior. Many compilers
will generate code for the checkpass() function, returning various values along
the execution path where no return statement is defined.

#include <string.h>
#include <stdio.h>

int checkpass(const char *password) {
  if (strcmp(password, "pass") == 0) {
    return 1;
  }
}

void func(const char *userinput) {
  if (checkpass(userinput)) {
    printf("Success\\n");
  }
}
"""
# CERT risk-assessment fields. In the SEI CERT scheme, priority is the product
# of severity, likelihood and remediation cost, and level groups priorities
# into L1–L3; the remediation-cost factor itself is not recorded in this file.
severity = "High"
likelihood = "Unlikely"
priority = "P6"
level = "L2"
# Edition and last-modified date of the wiki page this entry was taken from.
# `last_modified` is a free-form string rather than a TOML date, presumably
# because the consumer expects it verbatim — confirm before converting it.
cert_version = "2016 Edition (Wiki)"
last_modified = "Aug 31, 2025"

# Per-rule enable switch. The last path element mirrors `metadata.id` above;
# keep the two in sync when this file is copied as a template for another rule.
[rules.cert_c.MSC37-C]
enabled = true

# External references for the rule.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MSC37-C.+Ensure+that+control+never+reaches+the+end+of+a+non-void+function"
# CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior.
cwe = ["CWE-758"]