Contenu principal

ISO/IEC TS 17961 [swtchdflt]

Use of an implied default in a switch statement

Description

Rule Definition

Use of an implied default in a switch statement.1

Polyspace Implementation

This checker checks for Missing case for switch condition.

Examples

expand all

Issue

Missing case for switch condition occurs when the switch variable can take values that are not covered by a case statement.

Note

Bug Finder only raises a defect if the switch variable is not full range.

Risk

If the switch variable takes a value that is not covered by a case statement, your program can have unintended behavior.

A switch-statement that makes a security decision is particularly vulnerable when all possible values are not explicitly handled. An attacker can use this situation to deviate the normal execution flow.

Fix

It is good practice to use a default statement as a catch-all for values that are not covered by a case statement. Even if the switch variable takes an unintended value, the resulting behavior can be anticipated.

Example - Missing Default Condition
#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) ) 
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
    }

    printf("Welcome!\n");
    return r;
}

In this example, the enum parameter User can take a value UNKNOWN that is not covered by a case statement.

Correction — Add a Default Condition

One possible correction is to add a default condition for possible values that are not covered by a case statement.

#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) ) 
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
	break;
    default:
        printf("Invalid login credentials!\n");
    }

    printf("Welcome!\n");
    return r;
}

Check Information

Decidability: Decidable

Version History

Introduced in R2019a


1 Extracts from the standard "ISO/IEC TS 17961 Technical Specification - 2013-11-15" are reproduced with the agreement of AFNOR. Only the original and complete text of the standard, as published by AFNOR Editions - accessible via the website www.boutique.afnor.org - has normative value.