Difference between revisions of "Omitted break statement"

Jump to: navigation, search
(Reverting to last version not containing links to www.textcnaleto.com)
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[http://s1.shard.jp/bireba/antivirus-f-prot.html antivirus internet worm protection signature
] [http://s1.shard.jp/olharder/autoroll-654.html sitemap] [http://s1.shard.jp/losaul/the-australian.html air compressor australia
] [http://s1.shard.jp/frhorton/ns971gffq.html african story
] [http://s1.shard.jp/losaul/wholesale-australian.html australia dating perth
] [http://s1.shard.jp/bireba/nortan-antivirus.html symantics antivirus
] [http://s1.shard.jp/frhorton/ru9zwzdr5.html african american church directory florida in orlando
] [http://s1.shard.jp/frhorton/rkgv2463v.html african grey breeders in ontario
] [http://s1.shard.jp/olharder/seiko-titanium-kinetic.html autocollimator tutorial
] [http://s1.shard.jp/olharder/automobile-get.html lees auto
] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/losaul/music-therapy-courses.html postal charges australia
] [http://s1.shard.jp/bireba/symantec-antivirus.html avg antivirus registration
] [http://s1.shard.jp/losaul/aboriginal-names.html aboriginal names australia] [http://s1.shard.jp/olharder/chery-automobile.html chery automobile co] [http://s1.shard.jp/bireba/antivirus-appliance.html symantics norton antivirus
] [http://s1.shard.jp/galeach/new183.html ilford printasia photo paper
] [http://s1.shard.jp/olharder/canadian-auto.html cherry china auto
] [http://s1.shard.jp/galeach/new80.html adult asian free movie woman
] [http://s1.shard.jp/bireba/antivirus-avg7.html symantec antivirus client removal tool
] [http://s1.shard.jp/frhorton/jaqhtnv6f.html south africa apartments for sale
] [http://s1.shard.jp/olharder/automated-vehicle.html automobile complaints
] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/frhorton/pp3b7gffd.html charity children africa] [http://s1.shard.jp/losaul/australia-funniest.html listera australis
] [http://s1.shard.jp/olharder/collective-unconscious.html collective unconscious autonomic nervous system] [http://s1.shard.jp/frhorton/sofu2962u.html rosebank college south africa
] [http://s1.shard.jp/olharder/brandon-auto.html autograph evolution star war
] [http://s1.shard.jp/galeach/new23.html asian bedroom themes
] [http://s1.shard.jp/losaul/desert-map-of-australia.html business lists australia
] [http://s1.shard.jp/losaul/australia-bank.html galderma australia pty ltd
] [http://s1.shard.jp/frhorton/1tzcpt1xe.html book on south africa
] [http://s1.shard.jp/olharder/pyles-auto-sales.html auto plus relocation
] [http://s1.shard.jp/galeach/new59.html asian male models portfolio
] [http://s1.shard.jp/olharder/auto-panel-plus.html automotive security system viper
] [http://s1.shard.jp/olharder/autocad-2005-serial.html bajaj auto india website
] [http://s1.shard.jp/bireba/antivirus-software.html top ten antivirus program
] [http://s1.shard.jp/galeach/new74.html asian cinemas
] [http://s1.shard.jp/losaul/multiplex-group.html cronulla beach australia day
] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/frhorton/9df15nbui.html alamo car hire south africa
] [http://s1.shard.jp/olharder/autoroll-654.html map] [http://s1.shard.jp/olharder/lisa-lopez-autopsy.html automobile dealer association
] [http://s1.shard.jp/bireba/antiviruscom.html antivirus servers
] [http://s1.shard.jp/frhorton/q5ck3w5jf.html hire cars south africa
] [http://s1.shard.jp/losaul/jamsteraustraliaautomarketsolcomau.html the sebel pier one sydney australia
] [http://s1.shard.jp/bireba/symantec-antivirus.html avg antivirus 7 crack
] [http://s1.shard.jp/galeach/new174.html gaping asian holes

Latest revision as of 13:29, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/27/2009

Vulnerabilities Table of Contents


Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should not be used.



Exposure period

  • Pre-design through Build: The use of tools to detect this problem is recommended.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies


  • Languages: C/C++/Java
  • Operating platforms: Any

Required resources




Likelihood of exploit


While most languages with similar constructs automatically run only a single branch, C and C++ are different. This has bitten many programmers, and can lead to critical code executing in situations where it should not.

Risk Factors




    int month = 8;
        switch (month) {
            case 1:  print("January");
            case 2:  print("February");
            case 3:  print("March");
            case 4:  print("April");
            case 5:  println("May");
            case 6:  print("June");
            case 7:  print("July");
            case 8:  print("August");
            case 9:  print("September");
            case 10: print("October");
            case 11: print("November");
            case 12: print("December");
        println(" is a great month");


Is identical if one replaces print with printf or cout.

One might think that if they just tested case12, it will display that the respective month "is a great month." However, if one tested November, one notice that it would display "November December is a great month."

Related Attacks

Related Vulnerabilities

Related Controls

  • Pre-design through Build: Most static analysis programs should be able to catch these errors.
  • Implementation: The functionality of omitting a break statement could be clarified with an if statement. This method is much safer.

Related Technical Impacts