CWE Rule 483

This issue occurs when the indentation of a statement makes it appear as part of an if, else or another block but the arrangement or lack of braces actually keeps the statement outside the block.

A developer or reviewer might incorrectly associate the statement with a block based on its indentation, leading to an incorrect assumption about the program logic.

For instance, in this example:

if(credentialsOK())
   login=1;
   setCookies();

If you want a statement to be part of a block, make sure that the statement is within the braces associated with the block. To identify the extent of a block, on the Source pane, click the opening brace.

If an if, else or while statement has no braces following the condition, only the next line on an execution path up to a semicolon is considered part of the if, else or while block. If you want subsequent lines to be included in the block, wrap the lines in braces.

For instance, in the preceding example, to include both statements in the if block, use:

if(credentialsOK()) {
   login=1;
   setCookies();
}

int switch1, switch2;

void doSomething(void);
void doSomethingElse(void);

void func() {
    if(switch1) 
        if(switch2)
            doSomething();
    else //Noncompliant
        doSomethingElse();
}

In this example, the else is indented as if it is associated with the first if. However, the else is actually associated with the second if. The indentation does not match the actual association and might lead to incorrect assumptions about the program logic.

If you want the else to be associated with the first if, use braces to mark the boundaries of the first if block.

int switch1, switch2;

void doSomething(void);
void doSomethingElse(void);

void func() {
    if(switch1) { 
        if(switch2)
            doSomething();
    }
    else
        doSomethingElse();
}

This issue occurs when a semicolon on the same line as the last token of an if, for or while statement results in an empty body.

The checker makes an exception for the case where the if statement is immediately followed by an else statement:

if(condition);
else {
  ...
}

The semicolon following the if, for or while statement often indicates a programming error. The spurious semicolon changes the execution flow and leads to unintended results.

If you want an empty body for the if, for or while statement, wrap the semicolon in a block and place the block on a new line to explicitly indicate your intent:

if(condition)
   {;}

int credentialsOK(void);

void login () {
    int loggedIn = 0;
    if(credentialsOK()); //Noncompliant
      loggedIn = 1; //Noncompliant
}

In this example, the spurious semicolon results in an empty if body. The assignment loggedIn=1 is always performed. However, the assignment was probably to be performed only under a condition.

If the semicolon was unintended, remove the semicolon.

int credentialsOK(void);

void login () {
    int loggedIn = 0;
    if(credentialsOK())
      loggedIn = 1;
}