Missing break statement in switch construct
Description
The software omits a break statement (or another unconditional transfer such as return, goto or continue) at the end of a case in a switch or similar construct, so execution falls through into the code for the next case and code associated with multiple conditions runs. This is a logic error when the programmer intended only one case to execute; it is most damaging where the switch dispatches on a security-relevant value such as a privilege level, command type or protocol state, because the extra case can perform actions the current value was never meant to reach.
Examples
Insecure Code
```c
#include <stdio.h>

void print_number(int x) {
    switch (x) {
    case 1:
        printf("one");
        /* no break: for x == 1 execution falls through and also prints "two" */
    case 2:
        printf("two");
    }
}
```
Secure Code
```c
#include <stdio.h>

void print_number(int x) {
    switch (x) {
    case 1:
        printf("one");
        break;          /* each case ends here; no fallthrough into case 2 */
    case 2:
        printf("two");
        break;
    }
}
```
Remediation
Add a break statement (or another unconditional transfer such as return, goto or continue) at the end of every case, including the last one, so that each case executes on its own. Where fallthrough is intentional, mark it explicitly with a comment such as `/* fall through */` or, in C23 and C++17, the `[[fallthrough]];` attribute (GCC and Clang also accept `__attribute__((fallthrough));`), and compile with `-Wimplicit-fallthrough` so the compiler reports any case that falls through without such a marker. Adding a `default:` case that handles unexpected values closes the remaining gap.
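The following is an added example, not code from the original rule page: it shows a missing break in a privilege-dispatch switch beside a corrected version, and it generalizes the remediation above by also showing how an intentional fallthrough is marked. The role names, permission bits and function names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical permission bits for the example. */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PERM_ADMIN 0x4u

enum role { ROLE_GUEST = 0, ROLE_USER = 1, ROLE_ADMIN = 2 };

/* Buggy: the ROLE_USER case has no break, so a plain user falls
 * through into the ROLE_ADMIN case and is granted PERM_ADMIN too. */
unsigned perms_fallthrough(enum role r)
{
    unsigned p = 0;
    switch (r) {
    case ROLE_GUEST:
        p |= PERM_READ;
        break;
    case ROLE_USER:
        p |= PERM_READ | PERM_WRITE;
        /* missing break: execution continues into ROLE_ADMIN */
    case ROLE_ADMIN:
        p |= PERM_READ | PERM_WRITE | PERM_ADMIN;
        break;
    }
    return p;
}

/* Fixed: the last executed case ends in a break, unexpected values hit
 * a default, and the two places where fallthrough IS intended (each role
 * inherits the permissions of the role below it) carry an explicit
 * "fall through" comment, which -Wimplicit-fallthrough recognises. */
unsigned perms_fixed(enum role r)
{
    unsigned p = 0;
    switch (r) {
    case ROLE_ADMIN:
        p |= PERM_ADMIN;
        /* fall through */   /* admins also receive the user permissions */
    case ROLE_USER:
        p |= PERM_WRITE;
        /* fall through */   /* users also receive the guest permissions */
    case ROLE_GUEST:
        p |= PERM_READ;
        break;
    default:
        break;               /* unknown role: no permissions granted */
    }
    return p;
}

int main(void)
{
    printf("user  (buggy): 0x%x\n", perms_fallthrough(ROLE_USER)); /* 0x7 */
    printf("user  (fixed): 0x%x\n", perms_fixed(ROLE_USER));       /* 0x3 */
    printf("admin (fixed): 0x%x\n", perms_fixed(ROLE_ADMIN));      /* 0x7 */
    return 0;
}
```

Compile with `gcc -Wall -Wextra -Wimplicit-fallthrough` and the compiler warns on the unmarked fallthrough in `perms_fallthrough` but stays silent on the commented ones in `perms_fixed`; the `[[fallthrough]];` attribute can replace the comments when targeting C23.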
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0227 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-484 |
| Confidence | LOW |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | |
| OWASP | N/A |
References
- https://github.com/struct/mms
- https://github.com/returntocorp/semgrep/issues/4939
- https://cwe.mitre.org/data/definitions/484
- https://g.co/kgs/PCHQjJ