
According to the C Standard, 6.8.4.2, paragraph 4 [ISO/IEC 9899:2011],

A switch statement causes control to jump to, into, or past the statement that is the switch body, depending on the value of a controlling expression, and on the presence of a default label and the values of any case labels on or in the switch body.

If a programmer declares variables, initializes them before the first case label, and then uses them inside any of the case statements, those variables are in scope inside the switch block, but their initializers are skipped when control jumps to a case label, so they will contain indeterminate values.

Noncompliant Code Example

This noncompliant code example declares variables and contains executable statements before the first case label within the switch statement:

#include <stdio.h>
 
extern void f(int i);
 
void func(int expr) {
  switch (expr) {
    int i = 4;
    f(i);
  case 0:
    i = 17;
    /* Falls through into default code */
  default:
    printf("%d\n", i);
  }
}

Implementation Details

When the preceding example is executed on GCC 4.8.1, the variable i is instantiated with automatic storage duration within the block, but it is not initialized. Consequently, if the controlling expression expr has a nonzero value, the call to printf() will access an indeterminate value of i. Similarly, the call to f() is not executed.

Value of expr    Output
0                17
Nonzero          Indeterminate

Compliant Solution

In this compliant solution, the statements before the first case label occur before the switch statement:

#include <stdio.h>
 
extern void f(int i);
 
int func(int expr) {
  /*
   * Move the code outside the switch block; now the statements
   * will get executed.
   */
  int i = 4;
  f(i);

  switch (expr) {
    case 0:
      i = 17;
      /* Falls through into default code */
    default:
      printf("%d\n", i);
  }
  return 0;
}
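An added example (not the CERT page's own code) that generalizes the compliant layout: shared setup stays before the switch, and a case that needs its own variable declares it inside a braced block, so no path can reach a read of a variable whose initializer was skipped. The extern f() from the page is replaced here by a hypothetical stub that counts its calls so the behavior can be checked.

```c
#include <stdio.h>

/* Hypothetical stand-in for the page's extern f(): records that it ran. */
static int f_calls = 0;
static void f(int i) {
  (void)i;
  f_calls++;
}

/*
 * Returns the value that printf() prints for a given expr. Every
 * declaration and statement is either before the switch (executed on
 * every path) or inside a braced case block (executed exactly when that
 * case runs), so nothing is declared in the skipped region between
 * "switch (expr) {" and the first case label.
 */
int switch_value(int expr) {
  int i = 4;   /* initialized on every path, before the switch */
  f(i);        /* executed on every path, before the switch */

  switch (expr) {
    case 0:
      i = 17;
      /* Falls through into default code */
    default:
      printf("%d\n", i);
      break;
    case 1: {
      /* A per-case variable gets its own block: declared and initialized
       * on the only path that reads it. */
      int scaled = i * 2;
      i = scaled;
      printf("%d\n", i);
      break;
    }
  }
  return i;
}

int main(void) {
  switch_value(0);  /* prints 17 */
  switch_value(1);  /* prints 8 */
  switch_value(7);  /* prints 4 */
  return 0;
}
```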

Risk Assessment

Using test conditions or initializing variables before the first case statement in a switch block can result in unexpected behavior and undefined behavior.

Rule      Severity   Likelihood   Remediation Cost   Priority   Level
DCL41-C   Medium     Unlikely     Medium             P4         L3

Automated Detection

Tool                    Version   Checker                                          Description
Astrée                  19.04     switch-skipped-code                              Fully checked
Axivion Bauhaus Suite   6.9.0     CertC-DCL41                                      Fully implemented
Clang                   3.9       -Wsometimes-uninitialized
Coverity                2017.07   MISRA C 2004 Rule 15.0, MISRA C 2012 Rule 16.1   Implemented
LDRA tool suite         9.7.1     385 S                                            Fully implemented
Parasoft C/C++test      10.4.2    CERT_C-DCL41-a                                   A switch statement shall only contain switch labels and switch clauses, and no other code
Polyspace Bug Finder    R2019b    CERT C: Rule DCL41-C                             Checks for ill-formed switch statements (rule fully covered)
PRQA QA-C               9.5       3234, 2008, 2882                                 Partially implemented
PVS-Studio              6.23      V622
RuleChecker             19.04     switch-skipped-code                              Fully checked
TrustInSoft Analyzer    1.38      initialisation                                   Exhaustively detects undefined behavior (see the compliant and the non-compliant example).

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines


Taxonomy       Taxonomy item          Relationship
MISRA C:2012   Rule 16.1 (required)   Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

[ISO/IEC 9899:2011] 6.8.4.2, "The switch Statement"



4 Comments

  1. Should this be cross referenced with avoid dead code?

    1. Offhand, I think this should be incorporated into that rule. MSC07-C. Detect and remove dead code. (I'd still consider this a complete rule for the purposes of this assignment.)

      Also the 'Implementation Details' section needs to specify which platform produced the results shown here.

  2. Under Implementation Details, should this sentence

    Similarly, the call to the function will never be executed either.

    say

    Similarly, the call to function f will never be executed either.

    instead?

    1. He is definitely referring to the function f(). I'm not sure about the sentence. Maybe something like "Similarly, the call to f() is not executed.".