Back to the previous page

Test Case ID	15
Bad / Good	Bad
Author	N/A
Associated test case	N/A
Contributor	SecureSoftware
Language	C
Type of test case	Source Code

Input string	N/A
Expected Output	N/A
Instructions	N/A
Submission date	2005-10-21
Description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as the POSIX malloc() call. (from TCCLASP-5_2_4_10)
Filename	./Heap_overflow.c (123 bytes)
Flaw	CWE-122: Heap-based Buffer Overflow at line 5 + Root CWE-019: Data Handling CWE-118: Improper Access of Indexable Resource (Range Error) CWE-119: Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer CWE-120: Buffer Copy without Checking Size of Input CWE-122: Heap-based Buffer Overflow

>./Heap_overflow.c

#define BUFSIZE 256
int main(int argc, char **argv) {
char *buf;
buf = (char *)malloc(BUFSIZE);
strcpy(buf, argv[1]);
}
 
 
 
 