V5001. OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword.
The analyzer found a code fragment where the semicolon ';' is probably missing.
Here is an example of code that triggers the V5001 diagnostic message:
void Foo();
void Foo2(int *ptr)
{
  if (ptr == NULL)
    return
  Foo();
  ...
}
The programmer intended to terminate the function if the pointer ptr == NULL, but forgot to write the semicolon ';' after the return operator. As a result, the next line becomes part of the return statement: the code is parsed as 'return Foo();', so Foo() is called when ptr is NULL. The functions Foo() and Foo2() do not return anything and therefore the code is compiled without errors and warnings.
Most probably, the programmer intended to write:
void Foo();
void Foo2(int *ptr)
{
  if (ptr == NULL)
    return;
  Foo();
  ...
}
But if the initial code is still correct, it is better to rewrite it in the following way:
void Foo2(int *ptr)
{
  if (ptr == NULL)
  {
    Foo();
    return;
  }
  ...
}
The analyzer considers the code safe if the "if" operator is absent or the function call is located on the same line as the "return" operator. Such code is quite common in programs. Here are examples of safe code:
void CPagerCtrl::RecalcSize()
{
  return
    (void)::SendMessageW((m_hWnd), (0x1400 + 2), 0, 0);
}
void Trace(unsigned int n, std::string const &s)
{ if (n) return TraceImpl(n, s); Trace0(s); }
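The rule described above, as a simplified line-based sketch in C++. This is an added example, not PVS-Studio's implementation: the function names are hypothetical, and it assumes one statement per line with the "if" on the same line as the "return" or on the line directly before it.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample: the page's first snippet, ';' missing after return.
const char *const kBuggy =
    "void Foo2(int *ptr)\n{\n  if (ptr == NULL)\n    return\n  Foo();\n}\n";

// Strip leading and trailing whitespace from one source line.
static std::string trim(const std::string &s) {
    std::size_t b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// True if the line begins with the keyword `if` (not an identifier like `ifx`).
static bool starts_with_if(const std::string &t) {
    return t.compare(0, 2, "if") == 0 &&
           (t.size() == 2 || t[2] == ' ' || t[2] == '\t' || t[2] == '(');
}

// True if the line ends with the keyword `return`, with no expression or ';'.
static bool ends_with_bare_return(const std::string &t) {
    std::size_t n = t.size();
    if (n < 6 || t.compare(n - 6, 6, "return") != 0) return false;
    return n == 6 || t[n - 7] == ' ' || t[n - 7] == '\t' || t[n - 7] == ')';
}

// 1-based numbers of lines with a bare `return` that is guarded by an `if`
// and followed on the next line by a statement containing a call.
std::vector<int> find_suspicious_returns(const std::string &src) {
    std::vector<std::string> lines;
    std::istringstream in(src);
    for (std::string l; std::getline(in, l);) lines.push_back(trim(l));
    std::vector<int> hits;
    for (std::size_t i = 0; i + 1 < lines.size(); ++i) {
        if (!ends_with_bare_return(lines[i])) continue;
        bool guarded = starts_with_if(lines[i]) ||
                       (i > 0 && starts_with_if(lines[i - 1]));
        const std::string &next = lines[i + 1];
        bool call = !next.empty() && next.back() == ';' &&
                    next.find('(') != std::string::npos;
        if (guarded && call) hits.push_back(static_cast<int>(i) + 1);
    }
    return hits;
}
```

On kBuggy the function reports line 4; the corrected snippet and both safe examples from the page produce no hits.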