Description
This test case converts a user string to a short, and then converts that short to an unsigned int. If the short is negative, this will result in unexpected sign extension. The unsigned int value is used to determine how much data to read from a file, resulting in massive buffer overwrite if the file is large and the original input was negative.
Metadata
- Base program: FFmpeg
- Source Taint: SOCKET
- Data Type: SIMPLE
- Data Flow: INDEX_ALIAS_1
- Control Flow: SET_JUMP_LONG_JUMP
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.