This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Race condition in switch"

Jump to: navigation, search
(Reverting to last version not containing links to
Line 1: Line 1:
[ asian american artists ] [ online toy shop australia ] [ camtasia 2.1.1 serial ] [ timeline on african americans music ] [ url] [ coin op australia ] [ link] [ asian filipina lady pal pen ] [ top] [ semi auto sten gun ] [ ostrich farms in south africa ] [ virus and antivirus ] [ grand theft auto vice city money cheat ] [ avg 6.0 antivirus serial number] [ norten antivirus download ] [ top] [ recent inventions by african americans ] [ timeshare south africa ] [ ravantivirus update] [ http] [ african lioness ] [ best asian massage ] [ electrical suppliers south africa ] [ how to completely remove norton antivirus 2004 ] [ index] [ vodafone prepaid deals australia ] [ smiths beach western australia ] [ robert kennedy speech south africa ] [ asian previews.isa ] [ asia in tallest woman ] [ budget vacations asia ] [ autoridad de definicion ] [ domain] [ african american for girl hair style little ] [ openantivirus ] [ asian gift collectible ] [ job agencies sydney australia] [ link] [ update for avg antivirus ] [ automated imaging association ] [ african american ghana immigration] [ antivirus linux freeware ] [ automatic skeet throwers ] [ asian newcomer ] [ australias holidays ] [ manatoba auto racing ] [ sex club asian girl ] [ etrust ez antivirus review ] 

Revision as of 18:00, 29 May 2009


#REDIRECT Race Conditions

Last revision (mm/dd/yy): 05/29/2009


If the variable which is switched on is changed while the switch statement is still in progress, undefined activity may occur.


  • Undefined: This flaw will result in the system state going out of sync.

Exposure period

  • Implementation: Variable locking is the purview of implementers.


  • Languages: All that allow for multi-threaded activity
  • Operating platforms: All

Required resources




Likelihood of exploit


This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break.

If the variable which we are switching on change in the course of execution, the actions carried out may place the state of the process in a contradictory state or even result in memory corruption.

For this reason, it is important to ensure that all variables involved in switch statements are locked before the statement starts and are unlocked when the statement ends.

Risk Factors



In C/C++:

#include <sys/types.h>
#include <sys/stat.h>

int main(argc,argv){
        struct stat *sb;
        time_t timer;


        switch(sb->st_ctime % 2){
                case 0: printf("One option\n");break;
                case 1: printf("another option\n");break;
                default: printf("huh\n");break;

        return 0;

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Variables that may be subject to race conditions should be locked for the duration of any switch statements.

Related Technical Impacts