Description
This weakness reads a number to be used as a loop counter. The loop counter is initially read as an unsigned long, then converted to an int. If the number read in is larger than MAX_UINT, it is silently converted to a negative number. This breaks the loop counter logic, resulting in an infinite loop.
Metadata
- Base program: Subversion
- Source Taint: FILE_CONTENTS
- Data Type: TYPEDEF
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: SEQUENCE
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.