The test case shows a use of a allocated memory after freed.

The test case shows a use of a allocated memory after freed.

The test case exposes an improper null termination in a string which is in a structure.

This test case shows a format string vulnerability in a local control flow; here, we use function pointer for control flow.

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the sam...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth;...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 16 Control flow: while(1) and while(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy long long array to data using a loop Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy int array to data using a loop Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a d...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using strcat Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: ncpy BadSink : Copy string to data using strncpy Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the...

CWE: 114 Process Control BadSource: fromConsole Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 15 Control flow: switch(6)

Unprotected string copy, unlocked shared resource, off-by-one. PLOVER: BUFF.OVER, NUM.OBO, RACE

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Unprotected buffer copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE