CWE-561: Dead Code

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.

Vulnerable example

cpp

String s = null;

In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.

Vulnerable example

java

public class DoubleDead {

(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)

The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.

Vulnerable example

java

public class Dead {

CWE-561: Dead Code | RadicalNotion.AI

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Architecture or Design Review

Automated Static Analysis - Binary or Bytecode

Dynamic Analysis with Manual Results Interpretation

Automated Static Analysis

Automated Static Analysis - Source Code

Dynamic Analysis with Automated Results Interpretation

Manual Static Analysis - Source Code

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-561?

What CVEs are caused by CWE-561?

How do you prevent CWE-561?

How is CWE-561 detected?

What are the consequences of CWE-561?

Is CWE-561 actively exploited?

References

Stay ahead of CWE-561

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Architecture or Design Review

Automated Static Analysis - Binary or Bytecode

Dynamic Analysis with Manual Results Interpretation

Automated Static Analysis

Automated Static Analysis - Source Code

Dynamic Analysis with Automated Results Interpretation

Manual Static Analysis - Source Code

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-561?

What CVEs are caused by CWE-561?

How do you prevent CWE-561?

How is CWE-561 detected?

What are the consequences of CWE-561?

Is CWE-561 actively exploited?

References

Stay ahead of CWE-561