From a08a2014300a495381cdb8f6d59523bcd5d3b883 Mon Sep 17 00:00:00 2001 From: Daniel Boulby Date: Fri, 22 Jun 2018 14:16:03 +0100 Subject: Ensure the flow through switch statements is clear Ensure case clauses: * Terminate with an unconditional break, return or goto statement. * Use conditional break, return or goto statements as long as the end of the case clause is unreachable; such case clauses must terminate with assert(0) /* Unreachable */ or an unconditional __dead2 function call * Only fallthough when doing otherwise would result in less readable/maintainable code; such case clauses must terminate with a /* Fallthrough */ comment to make it clear this is the case and indicate that a fallthrough is intended. This reduces the chance of bugs appearing due to unintended flow through a switch statement Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168 Signed-off-by: Daniel Boulby
---
lib/libc/printf.c | 1 + lib/libc/snprintf.c | 2 ++ 2 files changed, 3 insertions(+) (limited to 'lib')
diff --git a/lib/libc/printf.c b/lib/libc/printf.c
index 4480e94db..d50876d75 100644
--- a/lib/libc/printf.c
+++ b/lib/libc/printf.c
@@ -166,6 +166,7 @@ loop:
 padn = (padn * 10) + (ch - '0');
 fmt++;
 }
+ assert(0); /* Unreachable */
 default:
 /* Exit on any other format specifier */
 return -1;
diff --git a/lib/libc/snprintf.c b/lib/libc/snprintf.c
index 9bc07b2cb..66a2fa2f5 100644
--- a/lib/libc/snprintf.c
+++ b/lib/libc/snprintf.c
@@ -4,6 +4,7 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */
+#include
 #include
 #include
 #include
@@ -117,6 +118,7 @@ int snprintf(char *s, size_t n, const char *fmt, ...)
 ERROR("snprintf: specifier with ASCII code '%d' not supported.", *fmt);
 plat_panic_handler();
+ assert(0); /* Unreachable */
 }
 fmt++;
 continue;
-- cgit v1.2.3
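Review bot: In the lib/libc/printf.c hunk the new `assert(0); /* Unreachable */` comes with no include change, while the same commit adds an `#include` to snprintf.c (presumably `<assert.h>`; the header name is lost on this page). printf.c's include block is outside the hunk, so confirm that it already pulls in the assert declaration. The marker also traps only in builds where assert() is active; where it is compiled out the statement vanishes and the clause textually falls into `default:`, which returns -1. That is a safe failure, but the comment could say why the point is unreachable, e.g. `/* Unreachable: the loop above is only left via goto */`, once checked against the loop head, which is not visible here.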
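Review bot: In the second lib/libc/snprintf.c hunk, the `assert(0); /* Unreachable */` after `plat_panic_handler();` is only a debug-build guard. Where assert() is compiled out, a panic handler that returned would let execution continue into `fmt++; continue;` and keep parsing the format string after an unsupported specifier. The commit message already allows a clause to end with an unconditional __dead2 call, so if plat_panic_handler() is declared that way (its declaration is not visible here) the assert is redundant and a comment such as `plat_panic_handler(); /* does not return */` documents the intent. If it is not declared that way, the clause needs a terminator that survives release builds rather than one that depends on assertions being enabled. The enclosing switch and loop start outside the hunk.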