...
When the preceding example is executed on GCC 4.8.1, the variable i is instantiated with automatic storage duration within the block, but it is not initialized. Consequently, if the controlling expression expr has a nonzero value, the call to printf() will access an indeterminate value of i. Similarly, the call to f() is not executed.
Value of |
|
|---|---|
0 | 17 |
Nonzero | Indeterminate |
Compliant Solution
In this compliant solution, the statements before the first case label occur before the switch statement:
...
Using test conditions or initializing variables before the first case statement in a switch block can result in unexpected behavior and undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL41-C | Medium | Unlikely | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
| Astrée |
| switch-skipped-code | Fully checked | ||||||
| Clang |
| -Wsometimes-uninitialized |
| Coverity |
| MISRA C 2004 Rule 15.0 MISRA C 2012 Rule 16.1 | Implemented | ||||||
| LDRA tool suite |
| 385 S | Fully implemented | ||||||
| Parasoft C/C++test |
|
|
| MISRA2004-15_0_b | Fully implemented | |||||||
| Astrée |
| future-library-use language-override language-override-c99 reserved-declaration reserved-declaration-c99 reserved-identifier | Partially checked | ||||||
| PRQA QA-C |
| 3234 | Partially implemented | ||||||
| RuleChecker |
| switch-skipped-code | Fully checked | ||||||
| PVS-Studio | 6.22 | V622 | General analysis rule set |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| MISRA C:2012 | Rule 16.1 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [ISO/IEC 9899:2011] | 6.8.4.2, "The switch Statement" |
...
...