Package illustrating a test case

Test case 149407

Description

This test case reads the taint source, and converts it to an integer, then an unsigned int. It uses a wrapped malloc to allocate a buffer of the size specified by the taint source. If the size is greater than 512, the wrapped malloc returns NULL. The program attempts to use the buffer, and if the buffer is NULL, this causes a segmentation fault.
Metadata
- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: HEAP_POINTER
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: INDIRECTLY_RECURSIVE

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.