...
Noncompliant Code Example (switch)
The following This noncompliant code example fails to consider all possible cases. Failure to account for all valid values of type Color will result in a logic error. Because valid values of an enumerated type include all those of its underlying integer type, unless enumeration constants have been provided for all those values, the default label is appropriate and necessary.
...
Compliant Solution (switch)
The following This compliant solution takes care to provide the default label to handle all valid values of type Color:
...
Note that adding a default case to a switch statement, even when all possible switch labels are specified, is an exception (MSC07-C-EX1) to MSC07-C. Detect and remove dead code.
...
Failing to account for all possibilities within a logic statement can lead to a corrupted running state, potentially resulting in unintentional information disclosure or abnormal termination.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC01-C | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| missing-else switch-default | Partially checked | ||||||
| Compass/ROSE |
Can detect some violations of this recommendation. In particular, it flags switch statements that do not have a default clause. ROSE should detect "fake switches" as well (that is, a chain of if (x > 0) {
/* ... */
} else if (x < 0) {
/* ... */
} else if (x == 0) {
/* ... */
}
| |||||||
| GCC |
|
Can detect some violations of this recommendation when the |
| Helix QAC |
| C2000, C2002, C2004 | |||||||
| Klocwork |
|
CWARN.EMPTY.LABEL |
| |||||||
| LDRA tool suite |
|
| 48 S, 59 S | Fully implemented |
0597
1460
1470
1472
2002
2004
| Parasoft C/C++test |
| CERT_C-MSC01-a | All 'if...else-if' constructs shall be terminated with an 'else' clause The final clause of a switch statement shall be the default clause | ||||||
| PC-lint Plus |
| 474, 744, 787, 9013 | Partially supported | ||||||
| Polyspace Bug Finder |
| Checks for missing case for switch condition (rule partially covered) | |||||||
| PVS-Studio |
| V517, V533, V534, V535, V556, V577, V590, V612, V695, V696, V719, V722, V747, V785, V786 | |||||||
| RuleChecker |
| missing-else switch-default | Partially checked | ||||||
| SonarQube C/C++ Plugin |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ |
| Coding Standard | VOID MSC01-CPP. Strive for logical completeness |
| CERT Oracle Secure Coding Standard for Java | MSC57-J. Strive for logical completeness |
| ISO/IEC TS 17961 | Use of an implied default in a switch statement [swtchdflt] |
| ISO/IEC TR 24772 | Switch Statements and Static Analysis [CLL] |
Bibliography
| [Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
| [Viega 2005] | Section 5.2.17, "Failure to Account for Default Case in Switch" |
| [Zadegan 2009] | "A Lesson on Infinite Loops" |
...
...