CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 61 Data flow: data returned fr...

CWE: 127 Buffer Underread BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant...

CWE: 127 Buffer Underread BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 34 Data flow: use of a union containing two methods of accessing the...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using strncpy Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 124 Buffer Underwrite BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 07 Control flow: if(stat...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth; ...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: loop BadSink : Copy twoIntsStruct array to data using a loop Flow Variant: 51 Data flow: data passed...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. All functions contained i...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using wcscat Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a separate...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 51 Data flow: data passed as an argument from one function to another in different sourc...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: loop BadSink : Copy array to data using a loop Flow Variant: 64 Data flow: void pointer t...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 32 Data flow using two p...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 02 Control flow: if(1) a...

CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...