National Institute of Standards and Technology
Package illustrating a test case

Test case 149362

Description

This test case reads the taint source. If the length of the taint source is 63 bytes or less, it allocates a buffer to copy the taint source into. It then copies the taint source into the buffer, regardless of whether it actually allocated any memory or not. If it did not allocate memory, the buffer pointer is still NULL, and this causes a NULL pointer dereference.
Metadata
- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: SIMPLE
- Data Flow: BUFFER_ADDRESS_POINTER
- Control Flow: CALLBACK

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.