CWE: 253 Incorrect Check of Return Value Sinks: remove GoodSink: Correctly check if remove() failed BadSink : Incorrectly check if remove() failed Flow Variant: 16 Control flow: while(1)

CWE: 253 Incorrect Check of Return Value Sinks: w32ImpersonateNamedPipeClient GoodSink: Correctly check if ImpersonateNamedPipeClient() failed BadSink : Incorrectly check if ImpersonateNamedPipeClient() failed Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 252 Unchecked Return Value Sinks: fread GoodSink: Check if fread() fails BadSink : Do not check if fread() fails Flow Variant: 17 Control flow: for loops

CWE: 195 Signed to Unsigned Conversion Error BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 194 Unexpected Sign Extension BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overf...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overflow ...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant:...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 31 Data flow using a copy of data within the s...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 12 Control flow: if(...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 16 Control flow: while(1)

CWE: 126 Buffer Overread BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 67 Data flo...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 51 Data flow: data passed as an argument from one function to anot...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to ...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: cpy BadSink : Copy string to data using wcscpy Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 42 Data flow: data returned from one function to another in the same source file

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: loop BadSink : Copy array to data using a loop Flow Variant: 07 Control flow: if(staticFiv...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 04 Control flow: if(STAT...

CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 15 Control flow: switch(6)

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = array of structs, Pointer = no, Index complexity = constant, Address co...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = wide character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity ...