National Institute of Standards and Technology
Package illustrating a test case

Test case 150751

Description

This test case takes a filename. It determines the size of the file and attempts to check whether that size is smaller than 128 characters. The arithmetic used in the if-check may cause an integer underflow, which results in the if-check succeeding when it should fail. If the if-check succeeds after an integer underflow, a large amount of data is copied into a small (128-character) buffer on the stack. This overwrites memory on the stack, resulting in a segmentation fault upon return from the function.
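
The class of bug described above, as an added example that is not the test case's own source: the page does not show the arithmetic, so the unsigned subtraction in `flawed_fits` is an assumed form of the check, and all function names and sample sizes are constructed. The hardened check compares the operands directly, and `copy_checked` refuses oversized input instead of copying it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE ((size_t)128)

/* Assumed flawed check (not the test case's code): "space left over" is
 * computed by unsigned subtraction. For file_size > BUF_SIZE the result
 * wraps below zero to a huge positive value, so the test passes for
 * exactly the sizes it was meant to reject. */
bool flawed_fits(size_t file_size)
{
    return (BUF_SIZE - file_size) > 0;
}

/* Hardened check: compare the operands directly, with no subtraction that
 * can wrap. One byte stays reserved for the terminating NUL. */
bool safe_fits(size_t file_size)
{
    return file_size < BUF_SIZE;
}

/* Copy into a BUF_SIZE-byte buffer only when the hardened check passes.
 * Returns 0 on success, -1 when the input is rejected. */
int copy_checked(char *dst, const char *src, size_t len)
{
    if (!safe_fits(len))
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample sizes around the 128-byte boundary. */
    static const size_t sizes[] = { 0, 127, 128, 129, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=%4zu flawed=%d safe=%d\n", sizes[i],
               flawed_fits(sizes[i]), safe_fits(sizes[i]));
    return 0;
}
```

The two checks agree up to and including 128 and diverge from 129 upward, where only the flawed one accepts the size.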

Metadata

- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: UNION
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: INTERPROCEDURAL_10