Description
This test takes in a char value from a taint source. The value is cast to a byte causing an unsigned to signed conversion. This value is then used to allocate an array. If the original char is >127 this will lead to a negative index for the array causing a NegativeArraySizeException.
Metadata
- Base program: Apache Lenya
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: INDEX_ALIAS_1
- Control Flow: INFINITE_LOOP
Flaws
Test Suites
Have any comments on this test case? Please, send us an email.