A reference to an allocated resource is lost because of pointer reuse. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

Reading of an uninitialized variable. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A pointer to allocated memory is used, even if the memory block was freed before (the pointer was passed to free()). These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of ...

Use of gets(), strcpy() and similar functions, where there is no way to limit the size of the read string (no destination size parameter). These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for a...

A non null-terminated string is read. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

An array is overrun. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A non-virtual destructor is never called. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A signed integer looses its sign when implicitly casted to an unsigned integer. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A value is casted into a type that can't represent it, because it's too small. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

The value exceeds the representation capacity of the type. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A buffer function is called with a destination size too big. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

Incorrect pointer arithmetic to access a data structure. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A C++ array is not deleted correctly, which could lead to memory leaks. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

The condition to exit the loop is never satisfied. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A division by zero occurs. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

An erased c++ iterator is dereferenced. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A past-the-end c++ iterator is dereferenced. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

A null pointer is dereferenced. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

memcopy() is used to copy memory from one region to another, but the two regions overlap, which is not supported by memcopy(). NOTE: the implementation in vstudio seems to handle overlapping regions correctly, even if the doc says otherwise. These test cases were graciously provided by Frederic M...

free() is given a pointer to something else than an allocated memory block. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

The bit shift is bigger than the size of the integral type or is negative. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

This test case includes the entire suite of code examples provided by DRDC. It contains a main function so that the tests can be executed. Please see the included readme.txt for instructions on preprocessor definitions to make the suite work as desired. These test cases were graciously provided b...

Because of the test for file existence in lines 33 and 35 and the file open on line 36 both use file names. This code contains a TOCTOU - Time of check, Time of use - vulnerability. The code can be exploited by the creation of a symbolic link with the name of the file. From "Secure Coding in C an...

Code with TOCTOU - Time of check, Time of use - culnerability involving stat(). The TOCTOU check occurs with the call of stat() on line 41 and the use is the call of fopen() on line 49. An attacker can simply exploit this vulnerabilty using a symlink: erase the file and make a symbolic link to th...

Extremly insecure stdio implementation. The program reads a filename from stdin on line 26 and attemps to open the file on line 26. This program is vulnerable to buffer overflows on line 26 and format string exploit on line 30. From \"Secure Coding in C and C \" by Robert C. Seacord. Page 215, ...