This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference.
- Base program: Wireshark
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: VOID_POINTER
- Data Flow: INDEX_ALIAS_1
- Control Flow: POINTER_TO_FUNCTION
Have any comments on this test case? Please, send us an email.