Test if tool can detect a heap inspection vulnerability.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string to prevent a buffer overflow from occuring.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string but an overflow condition is still allowed.

A strncpy safely copies a string into a heap buffer.

An strncpy is used to copy a string but the length is given incorrectly leading to a heap buffer overflow.

An strcpy overflows a heap buffer.

A strcpy does not overflows a stack buffer because a check is made to avoid an overflow condition.

A strcpy overflows a stack buffer. A check was made to avoid an overflow condition but the check is off by one.

malloc\'d data is freed only once.

malloc\'d data is freed before being returned to the caller and freed again.

malloc\'d data is freed in the caller.

malloc\'d data is returned to the caller but never freed.

malloc\'d data is freed.

malloc\'d data is never freed and all pointers to the data are lost.

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.

integer overflow results in a short malloc and an overflow. A guard was put in place to protect the overflow but the guard is incorrect.

fgets is called with a correct bound.

fgets is called with an incorrect bound allowing a stack buffer to be overrun.

fgets is used in place of gets with a proper bounds check.

gets is never safe for untrusted input due to lack of buffer length checks.

Printf is called with a static format string. This is not a defect.

System() is called with user-provided data but the data is strictly scrutinized first.

Format string vulnerability

Format string vulnerability

Infinite loop