CWE: 690 Unchecked Return Value To NULL Pointer BadSource: realloc Allocate data using realloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Dont check for NULL and use data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : Initialize and use data Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 468 Incorrect Pointer Scaling Sinks: char_ptr_to_int GoodSink: Correctly use sizeof() for pointer scaling BadSink : Do not use sizeof() in pointer scaling Flow Variant: 17 Control flow: for loops

CWE: 391 Unchecked Error Condition Sinks: strtol GoodSink: Perform error checks and handling BadSink : Do not check if strtol() failed Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 369 Divide by Zero BadSource: zero Fixed value of zero GoodSource: A hardcoded non-zero number (two) Sinks: GoodSink: Check value of or near zero before dividing BadSink : Divide a constant by data Flow Variant: 52 Data flow: data passed as an argument from one function to another to a...

CWE: 284 Improper Access Control Sinks: CreateNamedPipe GoodSink: Create a windows pipe using CreateNamedPipeW() ensuring that the pipe wont be created over an existing one BadSink : Create a windows pipe using CreateNamedPipeW() potentially allowing the pipe to be created over an existing one...

CWE: 252 Unchecked Return Value Sinks: putchar GoodSink: Check if putchar() fails BadSink : Do not check if putchar() fails Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 194 Unexpected Sign Extension BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 66 Data flow: data passed in an array from one function to anot...

CWE: 191 Integer Underflow BadSource: min Set data to the min value for unsigned int GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Un...

CWE: 191 Integer Underflow BadSource: min Set data to the min value for short GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow...

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 1...

CWE: 190 Integer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Fl...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) a...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 15 Control flow: switch(6)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 17 Control flow: for loops

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a separate...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 17 Control flow: for loops

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: cpy BadSink : Copy string to data using wcscpy() Flow Variant: 17 Control flow: for loops

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 17 Control flow: for loops

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...