Description
This weakness reads a number to be used as a loop counter. The loop counter is initially read as an unsigned long, then converted to an int. If the number read in is larger than MAX_UINT, it is silently converted to a negative number. This breaks the loop counter logic, resulting in an infinite loop.
Metadata
- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: SIMPLE
- Data Flow: ADDRESS_AS_VARIABLE
- Control Flow: SET_JUMP_LONG_JUMP
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.