Test case 1492

Type: source code
State: bad
Author: Robert C. Seacord
Status: candidate
Language: C++
Submission Date: 19 May 2006

Description

Defective string manipulation code. If the first argument exceeds 128 characters (including the null one) the program will write outside of the bounds of the fixed size array.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 32, Figure 2-8

Flaws

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 Out-of-bounds Write

Have any comments on this test case? Please, send us an email.