This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Race condition in switch"

Jump to: navigation, search
(Reverting to last version not containing links to
Line 1: Line 1:
[ autobahn vw parts
] [ what is the largest desert in asia
] [ kasperskiy antivirus
] [ 99bb asian4you
] [ automation de device net rockwell
] [ african crafts art work
] [ automobile insurance lead
] [ plantasia bolton ma
] [ stoncor africa
] [ sydney australia restaurants
] [ sitemap] [ photo gallery of african american micro braids] [ page] [ major banks in australia
] [ african napkin ring
] [ http] [ auto brake service
] [ automotive car accessory
] [ automobile customizing philadelphia
] [ australian folktales
] [ australian shepherd calendar
] [ av antivirus free
] [ invicta speedway automatic] [ south african beauty
] [ autodisconnect windows xp
] [ panda software antivirus online
] [ asia business business guide guide india s
] [ informed sources australia] [ south africa tourist office london
] [ immagration australia
] [ hog hollow south africa
] [ automated gui test
] [ download panda antivirus software
] [ steeda autosports
] [ african slave picture
] [ avg antivirus free software download
] [ telangiectasia and imiquimod
] [ art australia history
] [ download keygen norton antivirus 2005
] [ south african schools list
] [ sydney australia motels
] [ jmw auto sales
] [ angeles auto body los painting repair] [ asian footbal
] [ autocatalytic reactions
] [ automotive test lab
] [ mac antivirus download
] [ aid asian eu humanitarian

Latest revision as of 12:50, 3 June 2009


#REDIRECT Race Conditions

Last revision (mm/dd/yy): 06/3/2009


If the variable which is switched on is changed while the switch statement is still in progress, undefined activity may occur.


  • Undefined: This flaw will result in the system state going out of sync.

Exposure period

  • Implementation: Variable locking is the purview of implementers.


  • Languages: All that allow for multi-threaded activity
  • Operating platforms: All

Required resources




Likelihood of exploit


This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break.

If the variable which we are switching on change in the course of execution, the actions carried out may place the state of the process in a contradictory state or even result in memory corruption.

For this reason, it is important to ensure that all variables involved in switch statements are locked before the statement starts and are unlocked when the statement ends.

Risk Factors



In C/C++:

#include <sys/types.h>
#include <sys/stat.h>

int main(argc,argv){
        struct stat *sb;
        time_t timer;


        switch(sb->st_ctime % 2){
                case 0: printf("One option\n");break;
                case 1: printf("another option\n");break;
                default: printf("huh\n");break;

        return 0;

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Variables that may be subject to race conditions should be locked for the duration of any switch statements.

Related Technical Impacts