The test case shows a use of a allocated memory after freed.

The test case exposes an improper null termination in a string which is in a structure.

CWE: 78 OS Command Injection BadSource: fromFile Read input from a file GoodSource: Benign input Sink: execlp BadSink : execute command with wexeclp Flow Variant: 01 Baseline

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 617 Reachable Assertion BadSource: fixed Fixed value less than the assert value GoodSource: Number greater than ASSERT_VALUE Sink: BadSink : Assert if n is less than ASSERT_VALUE Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 588 Attempt to Access Child of a Non Structure Type BadSource: Void pointer to an int GoodSource: Void pointer to a twoints struct Sink: BadSink : Print data Flow Variant: 15 Control flow: switch(6)

CWE: 535 Information Leak Through Shell Error Message Sinks: GoodSink: Write to stderr, but do not write the password BadSink : Write to stderr and include the password Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 416 Use After Free Sinks: GoodSink: Use a block of memory returned from a function BadSink : Use a block of memory returned from a function after it has been freed Flow Variant: 17 Control flow: for loops

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 401 Memory Leak BadSource: malloc Allocate data using malloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 01 Baseline

CWE: 369 Divide By Zero BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-zero Sinks: modulo BadSink : Modulo a constant with data Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different source file called via a ...

CWE: 369 Divide By Zero BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Non-zero Sink: divide BadSink : Divide a constant by data Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 195 Signed to Unsigned Conversion BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 194 Unexpected Sign Extension BadSource: rand Set data to result of rand(), which could be negative GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 61 Data flow: data returned from one function to another in differ...

CWE: 194 Unexpected Sign Extension BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 32 Data flow using two pointers to the same value within the sam...

CWE: 193 Off by One Error Sinks: loop GoodSink: Use a loop to perform a string copy without overflowing the destination buffer BadSink : Use a loop to perform a string copy, but overflow the destination buffer Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the user password Flow Variant: 06 Contr...

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the user password Flow Variant: 45 Data ...

CWE: 187 Partial Comparison BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Provide a matching password Sinks: str GoodSink: Compare the 2 passwords correctly BadSink : use strstr() to do password match, which is a partial comparison Flow Variant: 02 Con...

CWE: 187 Partial Comparison BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the user password ...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 54 Data flow: data p...

CWE: 129 Improper Validation of Array Index BadSource: rand Set data to result of rand(), which may be zero GoodSource: Larger than zero but less than 10 Sinks: wchar_t GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow ...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the sam...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)