Description
This test case implements a non-reentrant function that uses a static integer to iterate through a string, setting each character to null. The test case takes a control integer and an input string. The control integer is used for timing within the test case to ensure that execution hits either a good or a bad case, and the input string is the shared data that the threads act upon. When executed, the test case spawns two threads, each of which calls the non-reentrant function that iterates through the input string using the static integer as a counter. If both threads enter the function within a sufficiently small time frame, the static integer is incremented twice for each position in the string. The writes then run past the end of the array and overwrite the free() struct, causing a segfault when the memory is free()'d.
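The following is an added example, not the test case's source code: a deterministic replay of the bad interleaving, next to the same loop with a per-caller counter. The loop shape, the names `clear_step` and `overflow_writes`, the length `LEN`, and the strict A/B alternation in place of real threads are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LEN 8  /* constructed sample: length of the shared input string */

/* One iteration of the clearing loop: null the current position, advance. */
static size_t clear_step(char *buf, size_t *counter)
{
    size_t at = (*counter)++;
    buf[at] = '\0';
    return at;
}

/* Replays two callers in strict alternation (A, B, A, B, ...), each running
 * LEN iterations. shared_counter != 0 models the static counter of the
 * non-reentrant function; 0 gives every caller its own automatic counter.
 * Returns how many writes landed at or beyond index LEN. */
size_t overflow_writes(int shared_counter)
{
    char arena[2 * LEN];        /* oversized so the replay stays memory-safe */
    size_t counters[2] = {0, 0};
    size_t past_end = 0;

    memset(arena, 'A', sizeof arena);
    for (size_t iter = 0; iter < LEN; iter++) {
        for (int caller = 0; caller < 2; caller++) {
            size_t *c = shared_counter ? &counters[0] : &counters[caller];
            if (clear_step(arena, c) >= LEN)
                past_end++;
        }
    }
    return past_end;
}

int main(void)
{
    printf("static counter:    %zu writes past the string\n", overflow_writes(1));
    printf("automatic counter: %zu writes past the string\n", overflow_writes(0));
    return 0;
}
```

With the shared counter, half of all writes land beyond the string; with a counter local to each call, none do, which is why keeping the index in automatic storage (or serializing callers with a lock) removes the flaw.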
Metadata
- Base program: Subversion
- Source Taint: FILE_CONTENTS
- Data Type: STRUCT
- Data Flow: BUFFER_ADDRESS_POINTER
- Control Flow: POINTER_TO_FUNCTION