This test case reads the taint source, and converts it to an integer, then an unsigned int. It uses a wrapped malloc to allocate a buffer of the size specified by the taint source. If the size is greater than 512, the wrapped malloc returns NULL. The program attempts to use the buffer, and if the buffer is NULL, this causes a segmentation fault.
- Base program: Subversion
- Source Taint: SOCKET
- Data Type: STRUCT
- Data Flow: ADDRESS_AS_LINEAR_EXPRESSION
- Control Flow: CALLBACK
Have any comments on this test case? Please, send us an email.