Test case 1514

Type: source code
State: bad
Author: Robert C. Seacord
Status: candidate
Language: C
Submission Date: 22 May 2006

Description

Buffer overflow vulnerability using sprintf() as a substitute of %s conversion specifier on line 42.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 214, Figure 6-6

Flaws

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Have any comments on this test case? Please, send us an email.