National Institute of Standards and Technology
Package illustrating a test case

Test case 83337

Description

CWE: 190 Integer Overflow
BadSource: fscanf Read data from the console using fscanf()
GoodSource: Set data to a small, non-zero number (two)
Sinks: multiply
GoodSink: Ensure there will not be an overflow before multiplying data by 2
BadSink : If data is positive, multiply by 2, which can cause an overflow
Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the same source file called via a function pointer

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.