Do not declare variables inside a switch statement before the first case label.

Vulnerability and risk

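Using test conditions or initializing variables before the first case label in a switch block can result in unexpected or undefined behavior. Control jumps directly to the matching case label, so statements placed before the first label never run and initializers there are skipped, leaving the variable with an indeterminate value.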

Vulnerable code example

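#include <stdio.h>

extern void f(int i);

void func(int expr) {
    switch (expr) {
        int i = 4;   /* initializer is jumped over and never executes */
        f(i);        /* unreachable: control jumps straight to a case label */
    case 0:
        i = 17;
        /* Falls through into default code */
    default:
        printf("%d\n", i);   /* i is uninitialized when expr != 0 */
    }
}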

This noncompliant code example declares variables and contains executable statements before the first case label within the switch statement.
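
For comparison, a corrected form of the function above, added here as an illustration and not taken from the original page. The declaration, the initialization and the call to f() are moved in front of the switch statement so they execute on every path. The local definition of f() and the int return value of func() are assumptions made so the example runs on its own.

```c
#include <stdio.h>

/* Hypothetical stand-in for the page's extern f(): records its argument. */
static int last_f_arg = -1;
static void f(int i) { last_f_arg = i; }

/* Corrected form: nothing precedes the first case label inside the switch.
   Returns the value that was printed so callers can check it. */
int func(int expr) {
    int i = 4;   /* initialized on every path */
    f(i);        /* executed on every path */
    switch (expr) {
    case 0:
        i = 17;
        /* Falls through into default code */
    default:
        printf("%d\n", i);
    }
    return i;
}

int main(void) {
    func(0);   /* prints 17 */
    func(1);   /* prints 4 */
    return 0;
}
```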