SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

A switch statement consists of several case label, plus a default label. The default label is optional, but recommended (see MSC01-C. Strive for logical completeness). A series of statements following a case label conventionally end with a break; statement; if omitted, control flow falls through to the next case in the switch statement block. Since the break statement is not required, omitting the break statement does not produce compiler warnings, and thus can produce unexpected control flow.

Noncompliant Code Example

In this noncompliant code example, the case for when widget_type is WE_W lacks a break statement. Consequently, the statementsfor when widget_type is WE_X get executed even when widget_type is WE_W.

enum WidgetEnum { WE_W, WE_X, WE_Y, WE_Z } widget_type;
widget_type = WE_X;

switch (widget_type) {
  case WE_W:
    /* ... */
  case WE_X:
    /* ... */
    break;
  case WE_Y: case WE_Z:
    /* ... */
    break;
  default: /* can't happen */
	 /* handle error condition */
}

Compliant Solution

enum WidgetEnum { WE_W, WE_X, WE_Y, WE_Z } widget_type;
widget_type = WE_X;

switch (widget_type) {
  case WE_W:
    /* ... */
    break;
  case WE_X:
    /* ... */
    break;
  case WE_Y: case WE_Z:
    /* ... */
    break;
  default: /* can't happen */
	 /* handle error condition */
}

Exceptions

MSC17:EX1: The last label in a switch statement requires no final break. This will conventionally be the default label.

MSC17:EX2: When control flow is intended to cross statement labels, it is permissible to omit the break statement. In these instances, the unusual control flow must be explicitly documented.

enum WidgetEnum { WE_W, WE_X, WE_Y, WE_Z } widget_type;
widget_type = WE_X;

switch (widget_type) {
  case WE_W:
    /* ... */
    /* no break, process case for WE_X as well */
  case WE_X:
    /* ... */
    break;
  case WE_Y: case WE_Z:
    /* ... */
    break;
  default: /* can't happen */
	 /* handle error condition */
}

Risk Assessment

Failure to include break statements leads to unexpected control flow.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC17-C

medium

likely

low

P6

L2

Automated Detection

Compass/ROSE can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as MSC18-CPP. Finish every set of statements associated with a case label with a break statement.

References

MSC16-C. Consider encrypting function pointers      49. Miscellaneous (MSC)      

  • No labels