CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 84 Data flow: data passed to class constructor and destructor by decl...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 01 Baseline

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 84 Data flow: data passed to class constructor and destructor by decl...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 18 Control flow: goto statements

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using wcscpy Flow Variant: 73 Data flow: data passed in a list from one function to another in di...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memcpy BadSink : Copy string to data using memcpy Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 124 Buffer Underwrite BadSource: rand Set data to result of rand(), which may be zero GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 84 Data flow: data p...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using strcpy Flow Variant: 73 Data flow: data passed in a list from one function to another in di...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 73 Data flow: data passed in a list from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sinks: cpy BadSink : Copy string to data using strcpy() Flow Variant: 74 Data flow: data passed ...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cpy BadSink : Copy data to string using wcscpy Flow Variant: 61 Data flow: data returned from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sinks: cpy BadSink : Copy string to data using strcpy Flow Variant: 63 Data flow: pointer to data passed from on...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: loop BadSink : Copy array to data using a loop Flow Variant: 42 Data flow: data returned f...

CWE: 122 Heap Based Buffer Overflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: ...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using strcat Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data to a small buffer GoodSource: Initialize data to a buffer large enough to hold a TwoIntsClass Sinks: GoodSink: Allocate a new class using placement new and a buffer that is large enough to hold the class BadSink : Allocate a ne...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memcpy BadSink : Copy string to data using memcpy Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memcpy BadSink : Copy twoIntsStruct array to data using memcpy Flow Variant: 81 Data flow: data passed in a parameter to an virtual method called via a r...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: loop BadSink : Copy array to data using a loop Flow Variant: 72 Data flow: data passed in...

The test case shows a Heap Overflow will not occur when assigning a character \'a\' to a heap buffer. The code has array address complexity.

A software system that accepts and executes input in the form of operating system commands (e.g. system()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.