Test case 150778

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: C
Application: cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This weakness reads a number to be used as a loop counter. The loop counter is initially read as an unsigned long, then converted to an int. If the number read in is larger than MAX_UINT, it is silently converted to a negative number. This breaks the loop counter logic, resulting in an infinite loop.
Metadata
- Base program: PostgreSQL
- Source Taint: SOCKET
- Data Type: HEAP_POINTER
- Data Flow: BUFFER_ADDRESS_POINTER
- Control Flow: SET_JUMP_LONG_JUMP

Flaws

CWE-196 Unsigned to Signed Conversion Error

Test Suites

PostgreSQL 9.2.4
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Grammatech Report.pdf
MINESTRONE Report.pdf

Have any comments on this test case? Please, send us an email.