CWE-484: Omitted Break Statement in Switch
Description
The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-10-26 00:00:00+00:00
Organization :
MITRE
Extended Description
This can lead to critical code executing in situations where it should not.
Example - 1
In both of these examples, a message is printed based on the month passed into the function: Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling "printMessage(10)" will result in the text "OctoberNovemberDecember is a great month" being printed.
case 1: print("January");case 2: print("February");case 3: print("March");case 4: print("April");case 5: print("May");case 6: print("June");case 7: print("July");case 8: print("August");case 9: print("September");case 10: print("October");case 11: print("November");case 12: print("December");
switch (month) {}println(" is a great month");public void printMessage(int month){}
case 1: printf("January");case 2: printf("February");case 3: printf("March");case 4: printf("April");case 5: printff("May");case 6: printf("June");case 7: printf("July");case 8: printf("August");case 9: printf("September");case 10: printf("October");case 11: printf("November");case 12: printf("December");
switch (month) {}printf(" is a great month");void printMessage(int month){}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.