logo

Omitted Break Statement in Switch

Draft Base
Structure: Simple
Description

This vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior.

Extended Description

A missing 'break' statement causes a switch block to fail its primary purpose: executing one distinct code path. Instead, it cascades from the matched case into the code for the cases below it. This 'fall-through' behavior is a common logic error that can bypass critical security checks, corrupt data, or trigger functions that should only run under specific conditions. While some languages allow intentional fall-through for specific patterns, omitting 'break' by mistake is a frequent source of bugs. To prevent this, developers should adopt a defensive coding style, such as always adding a 'break' as the default action and using linter rules to flag missing statements. Explicitly commenting any intentional fall-throughs makes the code safer and more maintainable.
Common Consequences 1
Scope: Other

Impact: Alter Execution Logic

This weakness can cause unintended logic to be executed and other unexpected application behavior.
Detection Methods 3
White Box
Omission of a break statement might be intentional, in order to support fallthrough. Automated detection methods might therefore be erroneous. Semantic understanding of expected product behavior is required to interpret whether the code is correct.
Black Box
Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior.
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Potential Mitigations 2
Phase: Implementation
Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should be avoided. If you need to use fall-through capabilities, make sure that you have clearly documented this within the switch statement, and ensure that you have examined all the logical possibilities.
Phase: Implementation
The functionality of omitting a break statement could be clarified with an if statement. This method is much safer.
Demonstrative Examples 1

ID : DX-182

In both of these examples, a message is printed based on the month passed into the function:

Code Example:

Bad
Java
java

Code Example:

Bad
C
c
Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling "printMessage(10)" will result in the text "OctoberNovemberDecember is a great month" being printed.
References 2
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
The Art of Software Security Assessment
Mark Dowd, John McDonald, and Justin Schuh
Addison Wesley
2006
ID: REF-62
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
C : UndeterminedC++ : UndeterminedJava : UndeterminedC# : UndeterminedPHP : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Improper Adherence to Coding Standards (CWE-710)
ChildOf: Always-Incorrect Control Flow Implementation (CWE-670)
Taxonomy Mapping
  • CLASP
  • Software Fault Patterns