Description
This test case takes a filename. It determines the size of the file and attempts to check whether that size is smaller than 128 characters. The arithmetic used in the if-check may cause an integer underflow, which results in the if-check succeeding when it should fail. If the if-check succeeds after an integer underflow, a large amount of data is copied into a small (128-character) buffer on the stack. This overwrites memory on the stack, resulting in a segmentation fault upon return from the function.
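The following is an added example, not the test case's own source. It shows one assumed form of such a check (an unsigned subtraction that wraps below zero) next to a direct comparison and a bounded copy. The function names and sample sizes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN ((size_t)128) /* buffer size given in the description */

/* Flawed check (assumed form): for file_size > BUF_LEN the unsigned
 * subtraction wraps to a huge positive value, so the test passes. */
int check_flawed(size_t file_size) {
    return (BUF_LEN - file_size) > 0;
}

/* Corrected check: compare the two sizes directly, no subtraction. */
int check_safe(size_t file_size) {
    return file_size < BUF_LEN;
}

/* Copy only when src (plus a terminator) fits; returns bytes copied or -1. */
long copy_bounded(char *dst, size_t dst_len, const char *src, size_t src_len) {
    if (dst_len == 0 || src_len >= dst_len)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (long)src_len;
}

int main(void) {
    /* Constructed sample sizes: below, at, and above the buffer size. */
    size_t sizes[] = {100, 128, 129, 4096};
    char buf[128];
    static char data[4096]; /* zero-filled stand-in for file contents */

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("size=%4zu flawed=%d safe=%d copy=%ld\n", sizes[i],
               check_flawed(sizes[i]), check_safe(sizes[i]),
               copy_bounded(buf, sizeof buf, data, sizes[i]));
    }
    return 0;
}
```

The flawed check rejects only a size of exactly 128; every larger size passes, which is the condition the description says leads to the oversized copy.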
Metadata
- Base program: Subversion
- Source Taint: SOCKET
- Data Type: TYPEDEF
- Data Flow: ADDRESS_AS_VARIABLE
- Control Flow: UNCONDITIONAL_JUMP