An example to prevent heap overflow.

An example to prevent heap overflow.

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 42 Data flow: data returned from one function to another in the same so...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 53 Data flow: data passed as an argument from one function through tw...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 65 Data/control flow: data passed as an argument from one functio...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 17 Control flow: for loops

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: memcpy BadSink : Copy twointsclass array to data using memcpy Flow Variant: 42 Data flow: data returned fr...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth;...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 61 Data flow: data returned from ...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 18 Control flow: goto statements

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: cat BadSink : Copy string to data using strcat Flow Variant: 54 Data flow: data passed as an argumen...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 18 Control flow: goto statements

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: snprintf BadSink : Copy string to data using snwprintf Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy int array to data using a loop Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the ...

The accidental addition of a data-structure sentinel can cause serious programing . The accidental addition of a data-structure sentinel can cause serious programing logic problems. (from TCCLASP-5_6_7_10)

The accidental addition of a data-structure sentinel can cause serious programing logic problems. (from TCCLASP-5_6_7_10)