SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 93

changes.mady.by.user G. Ann Campbell

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failing to account for all possibilities within a logic statement can lead to a corrupted running state, potentially resulting in unintentional information disclosure or abnormal termination.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

MSC01-C

Medium

Probable

Medium

No

No

P8

P4

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

missing-else

switch-default

Partially checked
Compass/ROSE
  


Can detect some violations of this recommendation. In particular, it flags switch statements that do not have a default clause. ROSE should detect "fake switches" as well (that is, a chain of if statements each checking the value of the same variable). These if statements should always end in an else clause, or they should mathematically cover every possibility. For instance, consider the following:

  if (x > 0) {
	  /* ... */
  } else if (x < 0) {
    /* ... */
  } else if (x == 0) {
    /* ... */
  }
GCC
Include Page
GCC_V
GCC_V
  

Can detect some violations of this recommendation when the -Wswitch and -Wswitch-default flags are used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2000, C2002, C2004
Klocwork
 
Include Page
Klocwork_V
Klocwork_V

CWARN.EMPTY.

LABEL

LABEL 


LA_UNUSED
MISRA.IF.NO_ELSE
MISRA.SWITCH.WELL_FORMED.DEFAULT.2012
INFINITE_LOOP.GLOBAL
INFINITE_LOOP.LOCAL
INFINITE_LOOP.MACRO

 


LDRA tool suite
Include Page
LDRA_V
LDRA_V
48 S, 59 SFully implemented
Parasoft C/C++test
9.5MISRA2012-RULE-15_7, MISRA2004-15_3 Polyspace Bug FinderR2016a

Dead code

Missing case for switch condition

Unreachable code

Code does not execute

Default case is missing and may be reached

Code following control-flow statements

PRQA QA-C
Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC01-a
CERT_C-MSC01-b

All 'if...else-if' constructs shall be terminated with an 'else' clause

The final clause of a switch statement shall be the default clause

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

474, 744, 787, 9013

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC01-C


Checks for missing case for switch condition (rule partially covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V517, V533, V534, V535, V556, V577, V590, V612, V695, V696, V719, V722, V747, V785, V786


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

missing-else

switch-default

Partially checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPP_44

Include PagePRQA QA-C_vPRQA QA-C_v

0597
1460
1470
1472

2000
2002
2004

Fully implemented
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V

ElseIfWithoutElse, SwitchWithoutDefault

 


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC01-CPP. Strive for logical completeness
CERT Oracle Secure Coding Standard for JavaMSC57-J. Strive for logical completeness
ISO/IEC TS 17961Use of an implied default in a switch statement [swtchdflt]
ISO/IEC TR 24772Switch Statements and Static Analysis [CLL]

Bibliography

[Hatton 1995]Section 2.7.2, "Errors of Omission and Addition"
[Viega 2005]Section 5.2.17, "Failure to Account for Default Case in Switch"
[Zadegan 2009]"A Lesson on Infinite Loops"

...


...

Image Modified Image Modified Image Modified