According to the C Standard, 6.8.5.3, paragraph 4 [ISO/IEC 9899:2024],

A switch statement causes control to jump to, into, or past the statement that is the switch body, depending on the value of a controlling expression, and on the presence of a default label and the values of any case labels on or in the switch body. A case or default label is accessible only within the closest enclosing switch statement

...

.

If a programmer declares variables and , initializes them before the first case statement, and try then tries to use them inside any of the case statements, those variables will have scope inside the switch block , but their value will be taken garbage. Any unexpected result can follow because of the above behavior.

Non Compliant Code:

not be initialized and will consequently contain indeterminate values.  Reading such values also violates EXP33-C. Do not read uninitialized memory.

Noncompliant Code Example

This noncompliant code example declares variables and contains executable statements before the first case label within the switch statement:In the example mentioned below, the variable i will be instantiated with automatic storage duration within the block, but it’s never initialized. Thus, if the controlling expression has a non-zero value, the cause to printf will access an indeterminate value of i. Similarly, the call to function will also never get executed.

#include <stdio.h>
 
intextern funcvoid f( int expr i);
{ 
void func(int expr) {
  switch (expr) {
	    int i = 4;
	    f(i);
     case 0:
	    i = 17;
	    /*falls Falls through into default code */
     default:	
	    printf(“%d"%d\n”n", i);
	  }
	return 0;
}

}

Implementation Details

When the preceding example is executed on GCC 4.8.1, the variable i is instantiated with automatic storage duration within the block, but it is not initialized. Consequently, if the controlling expression expr has a nonzero value, the call to printf() will access an indeterminate value of i. Similarly, the call to f() is not executed.

Compliant Solution

In the this compliant solution, by moving the statements before the first case statement outside the switch block, the execution can be ensured and result in an expected behavior.label occur before the switch statement:

#include <stdio.h>
 
extern void f(int i);
 
int func(int expr)
 {
	int i =/*
 4;  *  // Move the code outside the switch block
	f(i); now the statements
   * will get // Now the statements will get executed

	switchexecuted.
   */
  int i = 4;
  f(i);

  switch (expr) {
	    case 0:
	       i = 17;
	       /*falls Falls through into default code */
	    default:	
		
      printf(“%d"%d\n”n", i);
	  }
	  return 0;
}

Risk Assessment

Using test conditions or initializing variables inside the switch block before the first case statement , in a switch block can result in unexpected behaviour as the above code will not be executedbehavior and undefined behavior 20.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Bibliography

...

Image Added Image Added Image Added