The product contains dead code, which can never be executed.
Dead code is code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
CVE: CVE-2014-1266
Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
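Added example, not part of this CWE entry and not Apple's code: a simplified reconstruction of the control-flow pattern behind CVE-2014-1266, showing how a duplicated `goto` turns the final verification step into dead code and makes the function report success. The `step()` helper and the `*_fails` flag parameters are constructed stand-ins for the real hashing and signature checks.

```c
/* Constructed stand-in for one hashing/verification step: 0 = success,
 * nonzero = failure, chosen by the caller so the control flow can be tested. */
static int step(int should_fail)
{
    return should_fail ? -1 : 0;
}

/* Simplified reconstruction of the CVE-2014-1266 pattern (not Apple's code).
 * The duplicated "goto fail;" is unconditional, so the final verification
 * step below it is dead code (CWE-561). Because err still holds 0 from the
 * last step that actually ran, the function reports success (CWE-393) even
 * when the check it skipped would have failed (CWE-295). */
int verify_with_dead_code(int hash_fails, int final_check_fails)
{
    int err = 0;
    if ((err = step(hash_fails)) != 0)
        goto fail;
    goto fail;                                  /* duplicated line: always taken */
    if ((err = step(final_check_fails)) != 0)   /* never reached: dead code */
        goto fail;
fail:
    return err;
}

/* Corrected form: every branch is braced and the final check is reachable,
 * so a failing verification step propagates its error code to the caller. */
int verify_fixed(int hash_fails, int final_check_fails)
{
    int err = 0;
    if ((err = step(hash_fails)) != 0) {
        goto fail;
    }
    if ((err = step(final_check_fails)) != 0) {
        goto fail;
    }
fail:
    return err;
}
```

Compilers and static analyzers that flag unreachable statements would report the line after the duplicated `goto`, which is the detection point for this class of defect.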
Phase | Note |
---|---|
Implementation | N/A |
The condition for the second if statement is impossible to satisfy. It requires that the variable be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.

```java
public class DeadBranch {
    // Stand-in for the Dead() call in the original fragment; it is never reached.
    private static void Dead() { }

    static void check(boolean b) {
        String s = null;
        if (b) {
            s = "Yes";
            return;          // the only path that assigns s returns here
        }
        if (s != null) {     // s is always null at this point: dead code
            Dead();
        }
    }
}
```
In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.

(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)

```java
public class DoubleDead {
    private void doTweedledee() {
        doTweedledumb();
    }

    private void doTweedledumb() {
        doTweedledee();
    }

    public static void main(String[] args) {
        System.out.println("running DoubleDead");
    }
}
```
The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.

```java
public class Dead {
    String glue;

    public String getGlue() {
        return "glue";   // returns the string literal, not the field
    }
}
```