CWE: 789 Uncontrolled Memory Allocation BadSource: fscanf Read data from the console using fscanf() GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with malloc() and check the size of the memory to be allocated BadSink : Allocate memory with malloc(), but incorrec...

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using free() Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using delete [] Flow Variant: 54 Data flow: data passed as an argument from one function through ...

CWE: 674 Uncontrolled Recursion Sinks: unbounded_recursive_call GoodSink: Limit recursion to a managed level BadSink : Recursion not limited to a managed level Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 45 Data flow: data passed as a static global variable from one function to anothe...

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 366 Race Condition Within a Thread Sinks: int_byref GoodSink: Acquire a lock before conducting operations BadSink : Do not acquire a lock before conducting operations Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 253 Incorrect Check of Return Value Sinks: fputs GoodSink: Correctly check if fputs() failed BadSink : Incorrectly check if fputs() failed Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 252 Unchecked Return Value Sinks: rename GoodSink: Check if wrename() fails BadSink : Do not check if wrename() fails Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: File name without a period or slash Sink: w32CreateFile BadSink : Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source...

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: File name without a period or slash Sinks: open BadSink : Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 197 Numeric Truncation Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Less than CHAR_MAX Sink: BadSink : Convert data to a char Flow Variant: 18 Control flow: goto statements

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Small, non-zero Sinks: square GoodSink: Ensure there is no overflow before performing the squaring operation BadSink : Square data Flow Variant: 11 Control flow: if(global_returns_t()) and if(g...

CWE: 131 Incorrect Calculation of Buffer Size BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: cpy BadSink : Copy string to data using strcpy() Flow Variant: 03 Control flow: ...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 18 Control flow: goto statements

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 123 Write-What-Where Condition BadSource: connect_socket Overwrite linked list pointers using a connect socket (client side) GoodSource: Don't overwrite linked list pointers Sink: BadSink : Remove element from list Flow Variant: 32 Data flow using two pointers to the same value within t...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: memcpy BadSink : Copy twointsclass array to data using memcpy Flow Variant: 16 Control flow: while(1) and ...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snwprintf Flow Variant: 15 Control flow: switch(6)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 02 Control flow: if(1) and if(0)