Main Content

CWE Rule 478

Missing Default Case in Multiple Condition Expression

Since R2023a

expand all in page

Description

Rule Description

The code does not have a default case in an expression with multiple conditions, such as a switch statement.

Polyspace Implementation

The rule checker checks for Missing case for switch condition.

Examples

expand all

Issue

This issue occurs when the switch variable can take values that are not covered by a case statement.

Note

Bug Finder only raises a defect if the switch variable is not full range.

Risk

If the switch variable takes a value that is not covered by a case statement, your program can have unintended behavior.

A switch-statement that makes a security decision is particularly vulnerable when all possible values are not explicitly handled. An attacker can use this situation to deviate the normal execution flow.

Fix

It is good practice to use a default statement as a catch-all for values that are not covered by a case statement. Even if the switch variable takes an unintended value, the resulting behavior can be anticipated.

Example — Missing Default Condition
#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) )  //Noncompliant
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
    }

    printf("Welcome!\n");
    return r;
}

In this example, the enum parameter User can take a value UNKNOWN that is not covered by a case statement.

Correction — Add a Default Condition

One possible correction is to add a default condition for possible values that are not covered by a case statement.

#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) ) 
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
	break;
    default:
        printf("Invalid login credentials!\n");
    }

    printf("Welcome!\n");
    return r;
}

Check Information

Category: Bad Coding Practices

Version History

Introduced in R2023a

See Also

Topics

External Websites