Race Condition in Switch
Weakness ID: 365 (Weakness Base)Status: Draft
+ Description

Description Summary

The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

Java

.NET

+ Common Consequences
ScopeEffect

This flaw will result in the system state going out of sync.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

(Bad Code)
Example Languages: C and C++ 
#include <sys/types.h>
#include <sys/stat.h>
int main(argc,argv){
struct stat *sb;
time_t timer;
lstat("bar.sh",sb);
printf("%d\n",sb->st_ctime);
switch(sb->st_ctime % 2){
case 0: printf("One option\n");
break;
case 1: printf("another option\n");
break;
default: printf("huh\n");
break;
}
return 0;
}
+ Potential Mitigations

Phase: Implementation

Variables that may be subject to race conditions should be locked for the duration of any switch statements.

+ Other Notes

This issue is particularly important in the case of switch statements that involve fall-through style case statements -- ie., those which do not end with break. If the variable which we are switching on change in the course of execution, the actions carried out may place the state of the process in a contradictory state or even result in memory corruption. For this reason, it is important to ensure that all variables involved in switch statements are locked before the statement starts and are unlocked when the statement ends.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class362Race Condition
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory748CERT C Secure Coding Section 50 - POSIX (POS)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
PeerOfWeakness BaseWeakness Base364Signal Handler Race Condition
Research Concepts1000
PeerOfWeakness BaseWeakness Base366Race Condition within a Thread
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPRace condition in switch
CERT C Secure CodingPOS35-CAvoid race conditions while checking for the existence of a symbolic link
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Applicable Platforms, Common Consequences, Relationships, Other Notes, Taxonomy Mappings
2008-11-24CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Back to top