CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an ...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for short GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 11 Control fl...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 0...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 18 Control f...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 01 Baseline

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant:...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 54 Data flow: data passed as an argument from one function through thre...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 52 Data flow: data passed as an argument from one function to another t...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 54 Data flow: data passed as an argument from one function through thr...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to ano...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 126 Buffer Overread BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 32 Data flow using two p...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 52 Data flow: data passed as an argument from one functio...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sinks: ncpy BadSink : Copy string to data using wcsncpy() Flow Variant: 63 Data flow: pointer to...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a differe...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: cpy BadSink : Copy string to data using wcscpy() Flow Variant: 01 Baseline

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: ncpy BadSink : Copy string to data using strncpy() Flow Variant: 09 Control flow: if(GLOBA...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memmove BadSink : Copy string to data using memmove() Flow Variant: 68 Data flow: data pas...

Off-by-one bounds checking. PLOVER: BUFF.OVER, NUM.OBO