CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: execl BadSink : execute command with wexecl Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sinks: w32_execvp BadSink : execute command with wexecvp Flow Variant: 81 Data flow: data passed in a parameter to an virtual method called via a reference

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 44 Data/control flow: data passed as an argument from one func...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 16 Control flow: while(1)

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 34 Data flow: use of a union containing two methods of a...

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 82 Data flow: data passed in a parameter to an virtual method called via a pointer

chrome-5.0.375.54

CVE-2010-2295

CVE-2010-2297

CVE-2010-2300

CVE-2010-2301

CVE-2010-2302

CVE-2010-1772

CVE-2010-1773

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file descriptor using open() Sinks: GoodSink: Close the file before reusing the file descriptor BadSink : Reassign the file descriptor before closing the file Flow Variant: 84 Data flow: data passed to class ...

CWE: 457 Use of Uninitialized Variable BadSource: Dont initialize data GoodSource: Initialize data Sinks: GoodSink: Initialize then use data BadSink : Use data Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 36 Absolute Path Traversal BadSource: file Read input from a file GoodSource: Full path and file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

This test case includes the entire suite of code examples provided by DRDC. It contains a main function so that the tests can be executed. Please see the included readme.txt for instructions on preprocessor definitions to make the suite work as desired. These test cases were graciously provided b...

The semantics of virtual functions. As most C++ compilers implement virtual functions using a Virtual Function Table (VTBL). The VTBL is an array of function pointers that is used at runtime for dispatching virtual function calls. It"s possible to overwrite function pointers in the VTBL or change...