...
Failing to account for all possibilities within a logic statement can lead to a corrupted running state, potentially resulting in unintentional information disclosure or abnormal termination.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC01-C | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| missing-else switch-default | Partially checked | ||||||
Compass/ROSE |
Can detect some violations of this recommendation. In particular, it flags switch statements that do not have a default clause. ROSE should detect "fake switches" as well (that is, a chain of if (x > 0) {
/* ... */
} else if (x < 0) {
/* ... */
} else if (x == 0) {
/* ... */
}
| |||||||
GCC |
|
Can detect some violations of this recommendation when the | |||||||||
Helix QAC |
| C2000, C2002, C2004 | |||||||
Klocwork |
| CWARN.EMPTY. |
LABEL |
|
LDRA tool suite |
| 48 S, 59 S | Fully implemented | ||||||
Parasoft C/C++test |
Code does not execute
Default case is missing and may be reached
Code following control-flow statements
0597
1460
1470
1472
2000
2002
2004
| CERT_C-MSC01-a | All 'if...else-if' constructs shall be terminated with an 'else' clause The final clause of a switch statement shall be the default clause | |||||||
PC-lint Plus |
| 474, 744, 787, 9013 | Partially supported | ||||||
Polyspace Bug Finder |
| Checks for missing case for switch condition (rule partially covered) | |||||||
PVS-Studio |
| V517, V533, V534, V535, V556, V577, V590, V612, V695, V696, V719, V722, V747, V785, V786 | |||||||
RuleChecker |
| missing-else switch-default | Partially checked | ||||||
SonarQube C/C++ Plugin |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID MSC01-CPP. Strive for logical completeness |
CERT Oracle Secure Coding Standard for Java | MSC57-J. Strive for logical completeness |
ISO/IEC TS 17961 | Use of an implied default in a switch statement [swtchdflt] |
ISO/IEC TR 24772 | Switch Statements and Static Analysis [CLL] |
Bibliography
[Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
[Viega 2005] | Section 5.2.17, "Failure to Account for Default Case in Switch" |
[Zadegan 2009] | "A Lesson on Infinite Loops" |
...
...