According to the C Standard, 6.8.5.3, paragraph 4 [ISO/IEC 9899:2024],

A switch statement causes control to jump to, into, or past the statement that is the switch body, depending on the value of a controlling expression, and on the presence of a default label and the values of any case labels on or in the switch body. A case or default label is accessible only within the closest enclosing switch statement

...

.

If a programmer declares variables and , initializes them before the first case statement, and try then tries to use them inside any of the case statements, those variables will have scope inside the switch block , but will not be initialized and will consequently contain garbage indeterminate values.

Non Compliant Code:

  Reading such values also violates EXP33-C. Do not read uninitialized memory.

Noncompliant Code Example

This noncompliant code example The example code mentioned below declares variables and write contains executable code statements before the first case statement in label within the switch loop. statement:

#include <stdio.h>
 
extern void f(int i);
 
void func(int expr) {
  switch (expr) {
    int i = 4;
    f(i);
  case 0:
    i = 17;
    /*falls Falls through into default code */
  default:	
    printf(“%d"%d\n”n", i);
  }
  return 0;
}

Implementation Details

In the above exampleWhen the preceding example is executed on GCC 4.8.1, the variable i is instantiated with automatic storage duration within the block, but it is not initialized. Consequently, if the controlling expression expr has a non-zero nonzero value, the call to ((printf()}} will access an indeterminate value of i. Similarly, the call to function will also never get f() is not executed.

Compliant Solution

In this compliant solution, the statements before the first case statement are moved outside the switch block, improving the predictability and readability of the code.label occur before the switch statement:

#include <stdio.h>
 
extern void f(int i);
 
int func(int expr) {
	int i =/*
 4;  *  // Move the code outside the switch block
	f(i); now the statements
   * will get executed.
   *//
  Nowint thei statements= will4;
 get executedf(i);

	  switch (expr) {
	    case 0:
	       i = 17;
	       /*falls Falls through into default code */
	    default:	
		
      printf(“%d"%d\n”n", i);
	  }
	  return 0;
}

Risk Assessment

Using test conditions or initializing variables inside the switch block before the first case statement , in a switch block can result in unexpected behavior as the above code will not be executedbehavior and undefined behavior 20.

Automated Detection

References

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Bibliography

...

Image Added Image Added Image AddedMISRA 04 chapter 6.14