CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 01 Baseline

This test is a \"fix\" to an exposed Heap Overflow with an array index complexity

Proper bounds checking for strcat()[br][br]Still theoretically vulnerable to integer overflow.[br][br]This replaces cases 1322 and 1323. This is the fixed version of cases 2081 and 2082.

Off-by-one error on bounds checking for strcat(). PLOVER: NUM.OBO, BUFF.OVER This replaces case 1320

No bounds checking on buffer during strcat(). PLOVER: BUFF.OVER This replaces case 1319

The accidental addition of a data-structure sentinel can cause serious programing logic problems, e.g. .one potentially could cause data to be truncated early. (from TCCLASP-5_6_7_10). CWE 464.

Integer pointer is assigned a value within current buffer.

Character pointer is assigned value beyond current buffer using sizeof() function (with brackets).

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics: write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = function re...

Since the argument (the file name) is not validated, one can open every file and print it.

If a functions return value is not checked, it could have failed without any warning. (from TCCLASP-5_6_1_9)

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions. (from TCCLASP-5_6_20_10) (CWE 378)

Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks. (from TCCLASP-5_5_22_10-C). (CWE 329)

State synchronization refers to a set of flaws involving contradictory states of execution in a process which result in undefined behavior (from TCCLASP-5_4_1_10-C).

Heap overflow

The test case shows a Stack Overflow.

The test case shows a Stack Overflow.

The test case exposes a path manipulation.

The test case exposes a path manipulation.

The test case shows a path manipulation weakness.

The test case shows a path manipulation weakness.

The test case shows an other variant of the improper pointer subtraction. Here we try to do pointer arithmetic with different type of pointers.