CWE-365 "Race Condition in Switch" is not applicable to C/C++


CWE-365 "Race Condition in Switch" is not applicable to C/C++

Fulvio Baccaglini
The description of CWE-365 is "The code contains a switch statement in
which the switched variable can be modified while the switch is still
executing, resulting in unexpected behavior."

This description, and the Demonstrative Example 1 for C, suggest that
the controlling expression of a switch statement can be evaluated
multiple times.

However, the applicable paragraphs from the ISO C11 standard suggest
that it is evaluated only once:

[C11-6.8.4.2-5] The switch statement - "The integer promotions are
performed on the controlling expression. The constant expression in
each case label is converted to the promoted type of the controlling
expression. If a converted value matches that of the promoted
controlling expression, control jumps to the statement following the
matched case label. Otherwise, if there is a default label, control
jumps to the labeled statement. If no converted case constant
expression matches and there is no default label, no part of the switch
body is executed."

[C11-6.8.6.3] The break statement - "A break statement terminates
execution of the smallest enclosing switch or iteration statement."

This is also the case for C++ (so that CWE-365 should not be part of
the CWE-659 View: Weaknesses in Software Written in C++).

(I am advised that also in Java and C# the controlling expression would
be evaluated only once).

Fulvio
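The point of the post above, that a switch's controlling expression is evaluated exactly once, is easy to check empirically. The following is an added example written for this page; it is not the original poster's code and not CWE-365's own demonstrative example, and every name in it is hypothetical. The first function counts evaluations of the controlling expression and assigns to the switched variable inside a case; the remaining two go slightly beyond the post to show where a race can still hide in practice: not in the switch dispatch, but in a case body that re-reads the shared variable after the switch has already committed, and the single-snapshot form that avoids it. The "concurrent writer" is simulated by a plain function call so the program runs deterministically offline.

```c
/* Added example (not from the thread or from CWE-365). Demonstrates that a
 * switch evaluates its controlling expression once, and that the residual
 * hazard is a body that re-reads a shared variable after dispatch.
 * All identifiers are hypothetical. */
#include <stdio.h>

static int eval_count;

/* Controlling expression with a side effect: records how many times the
 * switch actually evaluates it. */
static int controlling(int v)
{
    eval_count++;
    return v;
}

/* Returns the case that ran (1), or -1 if the controlling expression was
 * evaluated more than once. The body of case 1 assigns 2 to the switched
 * variable, but case 2 is never entered: selection was made from the
 * single, already-evaluated value, and break leaves the switch. */
int switch_evaluates_once(void)
{
    int selector = 1;
    int ran = -1;

    eval_count = 0;
    switch (controlling(selector)) {
    case 1:
        selector = 2;   /* modifying the variable mid-switch ... */
        ran = 1;
        break;          /* ... and break terminates the switch; no re-dispatch */
    case 2:
        ran = 2;        /* not reachable from case 1 */
        break;
    default:
        ran = 0;
        break;
    }
    (void)selector;
    return eval_count == 1 ? ran : -1;
}

/* Shared variable and a simulated concurrent writer: stands in for a signal
 * handler or another thread that changes the value between the switch's
 * dispatch and a later read inside the body. */
static volatile int shared_mode;

static void simulated_writer(void)
{
    shared_mode = 99;
}

/* Returns the value the case body actually operated on. Dispatch used the
 * value 1, but the body re-read shared_mode afterwards and got 99: the
 * inconsistency comes from the re-read, not from the switch. */
int body_rereads_shared(void)
{
    shared_mode = 1;
    switch (shared_mode) {      /* evaluated once: sees 1 */
    case 1:
        simulated_writer();     /* racing update lands here */
        return shared_mode;     /* re-read: 99, not the dispatched 1 */
    default:
        return -1;
    }
}

/* Hardened form: read the shared variable once into a local and use only
 * the local, so dispatch and body always agree. Returns 1. */
int body_uses_snapshot(void)
{
    int mode;

    shared_mode = 1;
    mode = shared_mode;         /* single read; the snapshot */
    switch (mode) {
    case 1:
        simulated_writer();     /* the racing update cannot affect mode */
        return mode;
    default:
        return -1;
    }
}

int main(void)
{
    printf("controlling expression evaluated once, case %d ran\n",
           switch_evaluates_once());
    printf("body that re-reads shared variable saw %d\n",
           body_rereads_shared());
    printf("body that uses a snapshot saw %d\n",
           body_uses_snapshot());
    return 0;
}
```

Compiled with any C99-or-later compiler, the first function reports case 1 with a single evaluation, the second returns 99 and the third returns 1. If a review finds a shared or signal-modified variable used as a switch selector, the check worth making is whether the case bodies read the variable again rather than whether the switch itself re-evaluates it.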



RE: CWE-365 "Race Condition in Switch" is not applicable to C/C++

Andrew Buttner
Administrator
Is there anyone else on the list that can confirm or shed some light onto this
issue?  The CWE was taken from CLASP back in the early days of CWE.  Is it
possible that this weakness affected earlier versions of C?

Thanks
Drew


-----Original Message-----
From: Fulvio Baccaglini <[hidden email]>
Sent: Friday, August 31, 2018 9:54 AM
To: CWE Research Discussion <[hidden email]>
Subject: CWE-365 "Race Condition in Switch" is not applicable to C/C++

Re: CWE-365 "Race Condition in Switch" is not applicable to C/C++

Fulvio Baccaglini
Hi Drew,

Tracking those C11 paragraphs back to earlier C standards:

ISO C99 has the same wording and paragraph numbers as ISO C11:
[C99-6.8.4.2-5] and [C99-6.8.6.3-2]. See for instance draft N1256 from
the ISO C WG14 standards page.

ISO C90 also has the same wording, except that it uses the term
"integral promotions" instead of "integer promotions" to express the
same concept. Section references are:
[C90-6.6.4.2] and [C90-6.6.6.3].

Before ISO C there was the ANSI C standard (1989), and my understanding
is that it can be considered equivalent to ISO C90.

Fulvio


On Tue, 2018-09-11 at 16:54 +0000, Buttner, Drew wrote:

> Is there anyone else on the list that can confirm or shed some light
> onto this issue?  The CWE was taken from CLASP back in the early days of
> CWE.  Is it possible that this weakness affected earlier versions of C?
>
> Thanks
> Drew