CWE-561: Dead Code

Description

The product contains dead code, which can never be executed.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Extended Description

Dead code is code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.

Example Vulnerable Code

Example - 1

The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null, while on the only path where s can be assigned a non-null value there is a return statement.

    String s = null;
    if (b) {
        s = "Yes";
        return;
    }

    if (s != null) {
        Dead();
    }

Example - 2

In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.

    public class DoubleDead {
        private void doTweedledee() {
            doTweedledumb();
        }
        private void doTweedledumb() {
            doTweedledee();
        }
        public static void main(String[] args) {
            System.out.println("running DoubleDead");
        }
    }

(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)
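Example 2 is the case a simple "does anything call this method?" check misses, because each dead method has a caller. The sketch below is an added example, not part of the CWE entry: it builds a call graph from a constructed copy of the DoubleDead source and reports the methods that are unreachable from the entry point. It assumes main is the only entry point and uses simplified regular expressions in place of a real Java parser.

```python
import re
from collections import deque

# Constructed input: the DoubleDead class from Example 2.
JAVA_SOURCE = """
public class DoubleDead {
    private void doTweedledee() { doTweedledumb(); }
    private void doTweedledumb() { doTweedledee(); }
    public static void main(String[] args) {
        System.out.println("running DoubleDead");
    }
}
"""

# Simplified patterns (assumption): methods carry an access modifier, and
# string literals or comments contain no braces.
METHOD_DECL = re.compile(
    r"^\s*(?:public|private|protected)\s+(?:static\s+)?[\w\[\]<>]+\s+(\w+)\s*\([^)]*\)\s*\{",
    re.M)
CALL = re.compile(r"(?<![\w.])(\w+)\s*\(")  # unqualified calls only

def call_graph(source):
    """Map each declared method to the declared methods it calls."""
    bodies = {}
    for decl in METHOD_DECL.finditer(source):
        depth, i = 1, decl.end()
        while depth:  # walk to the brace that closes this method body
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        bodies[decl.group(1)] = source[decl.end():i - 1]
    return {name: set(CALL.findall(body)) & bodies.keys()
            for name, body in bodies.items()}

def never_called(graph):
    """Naive check: methods that no method in the class calls."""
    return graph.keys() - set().union(*graph.values())

def dead_methods(graph, entry_points):
    """Methods not reachable from any entry point (breadth-first search)."""
    seen = set(entry_points) & graph.keys()
    queue = deque(seen)
    while queue:
        for callee in graph[queue.popleft()] - seen:
            seen.add(callee)
            queue.append(callee)
    return sorted(graph.keys() - seen)
```

On this input the naive check flags only main, which is the entry point, while the reachability pass reports both doTweedledee and doTweedledumb as dead.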

Example - 3

The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.

    public class Dead {
        String glue;

        public String getGlue() {
            return "glue";
        }
    }

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 05, 2024 14:36