This test case reads entries from a comma-separated-value file. It expects to read 3 strings from a file in the format: double quote, up to 79 characters, double quote, comma; double quote, up to 79 characters, double quote, comma; and double quote, up to 79 characters, double quote. The test cas...

This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: Subversion - Source Taint: ENVIRON...

This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...

This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: Gimp - Source Taint: SHARED_MEMORY...

This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: Gimp - Source Taint: SOCKET - Dat...

This test case reads the taint source. If the length of the taint source is 63 bytes or less, it allocates a buffer to copy the taint source into. It then copies the taint source into the buffer, regardless of whether it actually allocated any memory or not. If it did not allocate memory, the buf...

This test case reads a space-delimited string from the taint source. The first element in the string is the number of elements following it. The test cases reads in the following elements and outputs them. If there are fewer elements than expected, a segmentation fault occurs. Metadata - Base p...

This test case reads the taint source, and converts it to an integer, then an unsigned int. It uses a wrapped malloc to allocate a buffer of the size specified by the taint source. If the size is greater than 512, the wrapped malloc returns NULL. The program attempts to use the buffer, and if the...

This test case reads a space-delimited string from the taint source. The first element in the string is the number of elements following it. The test cases reads in the following elements and outputs them. If there are fewer elements than expected, a segmentation fault occurs. Metadata - Base p...

The test case shows protection against the use of an allocated memory after being freed with an address alias level code complexity.

The test case shows a use of an allocated memory after being freed with an address alias level code complexity.

This test case avoids the problem of NULL pointer dereference.

This test case may dereference a NULL pointer.

This test shows a null pointer is not dereferenced, in a local control flow.

The test case exposes a null dereference.

This test case shows an effort made to avoid OS command injection problem.

Command injection problems are a subset of injection problem, in which the process is tricked into calling external processes of the attackers choice through the injection of control-plane data into the data plane.

The test case avoids a use of an allocated memory after being freed with an extra allocation and free complexity.

The test case shows a use of an allocated memory after being freed with an extra allocation and free complexity.

Format string problems occur when a user has the ability to control or write completely the format string used to format data in the printf style family of C/C++ functions (fixed).

Format string problems occur when a user has the ability to control or write completely the format string used to format data in the printf style family of C/C++ functions (flawed).

The test case avoids a Time-of-Check-Time-of-Use (TOCTOU) race condition between checking file attributes and then opening and writing to the file using random calls to function pointers.

The test case shows a Time-of-Check-Time-of-Use (TOCTOU) race condition between checking file attributes and then opening and writing to the file using random calls to function pointers.

The test case shows a Time-of-Check-Time-of-Use (TOCTOU) race condition between checking file attributes and then opening and writing to the file.

The test case shows a Time-of-Check-Time-of-Use (TOCTOU) race condition between checking file attributes and then opening and writing to the file.