National Institute of Standards and Technology
Package illustrating a test case

Test case 62638

Description

CWE: 121 Stack Based Buffer Overflow
BadSource: fscanf Read data from the console using fscanf()
GoodSource: Larger than zero but less than 10
Sinks:
GoodSink: Ensure the array index is valid
BadSink : Improperly check the array index by not checking the upper bound
Flow Variant: 43 Data flow: data flows using a C++ reference from one function to another in the same source file

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.