The SQL Injection is possible because the arguments are not validated before the MySQL query.

The test case avoids a Cross-Site Scripting of a CGI program in C that takes the arguments and print it out.

The test case shows a Cross-Site Scripting of a CGI program in C that takes the arguments and print it out.

Correctly refer to the expected memory address due to the semantics of when math operations are implicitly scaled.

Accidentally refer to the wrong memory address due to the semantics of when math operations are implicitly scaled.

Test of tool ability to identify use of an uninitialized variable (fixed).

Test of tool ability to identify use of an uninitialized variable (flawed).

The test case avoids a Stack-based Buffer Overflow.

The test case shows a Stack-based Buffer Overflow.

Test if tool can detect a heap inspection vulnerability (fixed).

Test if tool can detect a heap inspection vulnerability (flawed).

A strcpy is used to copy a string into a heap buffer. The caller shortens the string to prevent a buffer overflow from occuring.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string but an overflow condition is still allowed.

A strncpy safely copies a string into a heap buffer.

A strncpy is used to copy a string but the length is given incorrectly leading to a heap buffer overflow.

A length check is made before strcpy, avoiding heap buffer overflow.

A length check is not made before strcpy, causing heap buffer overflow.

A strcpy does not overflow a stack buffer because a check is made to avoid an overflow condition.

A strcpy overflows a stack buffer. A check was made to avoid an overflow condition but the check is off by one.

A malloc-ed data is freed only once.

A malloc-ed data is freed before being returned to the caller and freed again.

A malloc-ed data is freed in the caller.

A malloc-ed data is returned to the caller but never freed.

A malloc-ed data is freed.

A malloc-ed data is never freed and all pointers to the data are lost.