CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument F...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 17 Control flow: for loops

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy data to string using wcscpy Flow Variant: 65 Data/control flow: data passed as an argument from one function to ...

CWE: 127 Buffer Underread BadSource: fgets Read data from the console using fgets() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant: 07 Control ...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four fu...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 124 Buffer Underwrite BadSource: negative Negative index value GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 31 Data flow using a copy of data within th...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sinks: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 66 Data flow: data pass...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 18 Control flow: goto statements

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cpy BadSink : Copy data to string using strcpy Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using wcsncat Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memmove BadSink : Copy string to data using memmove() Flow Variant: 07 Control flow: if(st...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: cpy BadSink : Copy string to data using strcpy() Flow Variant: 09 Control flow: if(GLOBAL_...

CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same s...

Unprotected string copy, unlocked shared resource. PLOVER: RACE, BUFF.OVER

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...