Ensure the flow through switch statements is clear

Ensure case clauses: * Terminate with an unconditional break, return or goto statement. * Use conditional break, return or goto statements as long as the end of the case clause is unreachable; such case clauses must terminate with assert(0) /* Unreachable */ or an unconditional __dead2 function call * Only fallthough when doing otherwise would result in less readable/maintainable code; such case clauses must terminate with a /* Fallthrough */ comment to make it clear this is the case and indicate that a fallthrough is intended. This reduces the chance of bugs appearing due to unintended flow through a switch statement Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2025-05-09 02:51:21 +00:00 · 2018-06-22 14:16:03 +01:00 · 2018-06-22 14:16:03 +01:00 · a08a201430
commit a08a201430
parent e52ed092cd
9 changed files with 16 additions and 9 deletions
--- a/lib/libc/printf.c
+++ b/lib/libc/printf.c
@ -166,6 +166,7 @@ loop:
 					padn = (padn * 10) + (ch - '0');
 					fmt++;
 				}
+				assert(0); /* Unreachable */
 			default:
 				/* Exit on any other format specifier */
 				return -1;
--- a/lib/libc/snprintf.c
+++ b/lib/libc/snprintf.c
@ -4,6 +4,7 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */

+#include <assert.h>
 #include <debug.h>
 #include <platform.h>
 #include <stdarg.h>
@ -117,6 +118,7 @@ int snprintf(char *s, size_t n, const char *fmt, ...)
 				ERROR("snprintf: specifier with ASCII code '%d' not supported.",
 				      *fmt);
 				plat_panic_handler();
+				assert(0); /* Unreachable */
 			}
 			fmt++;
 			continue;