Package illustrating a test case

Test case 149145

Type: source code
Pairs: 149146-v1.0.0
State: bad
Author: NIST, Alexander Hoole, Aurelien Delaitre
Status: candidate
Language: C
Submission Date: 23 Mar 2015

Description

The test case shows how it is easy to get a buffer overflow if a string function is misused when argv contains tainted data.

Flaws

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Test Suites

C Test Suite for Source Code Analyzer v2 - Vulnerable

Have any comments on this test case? Please, send us an email.