Omitted Break Statement in Switch

The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.


Description

This can lead to critical code executing in situations where it should not.

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

In both of these examples, a message is printed based on the month passed into the function:

public void printMessage(int month){

  switch (month) {


    case 1: print("January");
    case 2: print("February");
    case 3: print("March");
    case 4: print("April");
    case 5: print("May");
    case 6: print("June");
    case 7: print("July");
    case 8: print("August");
    case 9: print("September");
    case 10: print("October");
    case 11: print("November");
    case 12: print("December");

  }
  println(" is a great month");

}
void printMessage(int month){

  switch (month) {


    case 1: printf("January");
    case 2: printf("February");
    case 3: printf("March");
    case 4: printf("April");
    case 5: printff("May");
    case 6: printf("June");
    case 7: printf("July");
    case 8: printf("August");
    case 9: printf("September");
    case 10: printf("October");
    case 11: printf("November");
    case 12: printf("December");

  }
  printf(" is a great month");

}

Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling "printMessage(10)" will result in the text "OctoberNovemberDecember is a great month" being printed.

See Also

Comprehensive Categorization: Poor Coding Practices

Weaknesses in this category are related to poor coding practices.

CISQ Quality Measures - Maintainability

Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.

CISQ Quality Measures - Reliability

Weaknesses in this category are related to the CISQ Quality Measures for Reliability. Presence of these weaknesses could reduce the reliability of the software.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Quality Weaknesses with Indirect Security Impacts

CWE identifiers in this view (slice) are quality issues that only indirectly make it easier to introduce a vulnerability and/or make the vulnerability more difficult t...

CWE Cross-section

This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful t...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.