CVE-2013-1579

Defect Type: Stack related defects Defect Sub-type: Stack underrun Description: Defect Free Code to identify false positives in stack underrun conditions The test case contains coincidental weaknesses along with intended ones as follows for file st_underrun.c: * line(s): 51,235,237 CWE-124 * line...

Defect Type: Stack related defects Defect Sub-type: Stack underrun The test case contains coincidental weaknesses along with intended ones as follows for file st_underrun.c: * line(s): 25,51,92,130,150,193 CWE-835 * line(s): 193,195,204 CWE-121 * line(s): 195,227 CWE-124 * line(s): 247 CWE-561

Defect Type: Stack related defects Defect Sub-type: Stack overflow

Defect Type: Static memory defects Defect Sub-type: Static buffer overrun Description: Defect Free Code to identify false positives in static buffer overrun The test case contains coincidental weaknesses along with intended ones as follows for file overrun_st.c: * line(s): 22,33,45,56,67,78,89,10...

Defect Type: Static memory defects Defect Sub-type: Static buffer overrun The test case contains coincidental weaknesses along with intended ones as follows for file overrun_st.c: * line(s): 22,33,45,56,67,78,89,100,111,170,183,195,207,223,251,265,281,294,307,321,334,347,360,373,388,403,429,444,4...

Defect Type: Resource management defects Defect Sub-type: Memory allocation failure Description: Defect Free Code to identify false positives while memory_allocation_failure - Memory could not be allocated / insufficient memory Created on: Oct 14, 2013 Author: hemalatha The test case contains co...

Defect Type: Resource management defects Defect Sub-type: Memory allocation failure Description: memory_allocation_failure - Memory could not be allocated / insufficient memory Created on: Oct 14, 2013 Author: hemalatha The test case contains coincidental weaknesses along with intended ones as f...

Defect Type: Dynamic memory defects Defect Sub-type: Dynamic buffer overrun Created on: Sep 27, 2012 Author: caesaru01 The test case contains coincidental weaknesses along with intended ones as follows for file buffer_overrun_dynamic.c: * line(s): 145,151,153,173,434,511,513,550,558 CWE-476 * lin...

No buffer overflow even if the input is not validated. Every operation may write outside the bound of the statically allocated character array.

Buffer overflow if the input is not validated. Every operation may write outside the bound of the statically allocated character array.

The test case avoids a Stack Overflow by fixing a bad loop exit condition (and start index).

The test case shows a Stack Overflow with a bad loop exit condition (and start index).

The test case avoids a Stack Overflow by fixing a bad array index.

The test case shows a Stack Overflow with an off-by-one array index.

The test case avoids a Stack Overflow by fixing a bad array index.

The test case shows a Stack Overflow with a bad array index.

The test case avoids a Stack-based Buffer Overflow.

The test case shows a Stack-based Buffer Overflow.

A strcpy does not overflow a stack buffer because a check is made to avoid an overflow condition.

A strcpy overflows a stack buffer. A check was made to avoid an overflow condition but the check is off by one.

An fgets is called with a correct bound.

An fgets is called with an incorrect bound allowing a stack buffer to be overrun.

An fgets is used in place of gets with a proper bounds check.

A gets is never safe for untrusted input due to lack of buffer length checks.