Always-Incorrect Control Flow Implementation
Weakness ID: 670 (Weakness Class) | Status: Draft
Description Summary
Extended Description
This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.
This issue typically appears in rarely-tested code, since the "always-incorrect" nature will be detected as a bug during normal usage.
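The missing-braces case from the description, worked through as an added C example (constructed here, not part of the CWE entry; the function names and the legacy/MAC scenario are assumptions). The flaw sits on a rarely-taken path and makes the check ineffective for every input that reaches it, with no attacker manipulation required.

```c
#include <stdio.h>

/* Added example: constructed code, all names are hypothetical. */

/* Flawed (CWE-483): the indentation implies both statements are guarded,
 * but without braces only the counter update depends on mac_ok. */
int accept_flawed(int legacy, int mac_ok, int *verified)
{
    int accept = 0;
    if (!legacy)
        return mac_ok;          /* common, well-tested path */
    if (mac_ok)                 /* rarely-tested legacy path */
        (*verified)++;
        accept = 1;             /* executes for every legacy message */
    return accept;
}

/* Corrected: braces put both statements inside the guarded block. */
int accept_fixed(int legacy, int mac_ok, int *verified)
{
    int accept = 0;
    if (!legacy)
        return mac_ok;
    if (mac_ok) {
        (*verified)++;
        accept = 1;
    }
    return accept;
}

typedef int (*accept_fn)(int, int, int *);

/* Test helper: returns 1 if the legacy path gives the same answer
 * whether or not the MAC verified, i.e. the check has no effect. */
int legacy_ignores_mac(accept_fn fn)
{
    int n = 0;
    return fn(1, 0, &n) == fn(1, 1, &n);
}

int main(void)
{
    printf("flawed ignores MAC on legacy path: %d\n",
           legacy_ignores_mac(accept_flawed));
    printf("fixed ignores MAC on legacy path:  %d\n",
           legacy_ignores_mac(accept_fixed));
    return 0;
}
```

GCC's `-Wmisleading-indentation` (enabled by `-Wall`) warns on the flawed function, and a unit test that exercises the legacy path with a failing MAC catches it as well.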
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 691 | Insufficient Control Flow Management | Research Concepts (primary) 1000 |
ParentOf | 480 | Use of Incorrect Operator | Research Concepts (primary) 1000 |
ParentOf | 483 | Incorrect Block Delimitation | Research Concepts (primary) 1000 |
ParentOf | 484 | Omitted Break Statement in Switch | Research Concepts (primary) 1000 |
ParentOf | 617 | Reachable Assertion | Research Concepts (primary) 1000 |
ParentOf | 698 | Redirect Without Exit | Research Concepts 1000 |
ParentOf | 783 | Operator Precedence Logic Error | Research Concepts (primary) 1000 |
This node could possibly be split into lower-level nodes. "Early Return" is for returning control to the caller too soon (e.g., CWE-584). "Excess Return" is when control is returned too far up the call stack (CWE-600, CWE-395). "Improper control limitation" occurs when the product maintains control at a lower level of execution, when control should be returned "further" up the call stack (CWE-455). "Incorrect syntax" covers code that's "just plain wrong" such as CWE-484 and CWE-483.
Modifications

Modification Date | Modifier | Organization | Source | Change |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Other Notes |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Maintenance Notes, Modes of Introduction, Other Notes, Relationships |