The test case exposes a race condition while writing the file.

The test case shows how it is easy to get a buffer overflow if a string function is misused.

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snwprintf Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snwprintf Flow Variant: 19 Control flow: Dead code after a return

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source f...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 68 Data flow: data passed as a global variable from one function to another in di...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy twoints array to data using memcpy Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy long long array to data using memcpy Flow Variant: 01 Baseline

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 15 Control flow: switch(6)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy int array to data using a loop Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 01 Baseline

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: ncat BadSink : Copy string to data using strncat Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different...

CWE: 121 Stack Based Buffer Overflow Sinks: type_overrun_memmove GoodSink: Perform the memmove() and prevent overwriting part of the structure BadSink : Overwrite part of the structure by incorrectly using the sizeof(struct) in memmove() Flow Variant: 15 Control flow: switch(6)

CWE: 114 Process Control BadSource: Environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 01 Baseline

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE