Test of tool ability to identify a NULL pointer dereference.

The test case shows a Cross Site scripting weakness in a C/CGI application.

This Cross-Site Scripting example shows how a CGI program in C takes the arguments and print it out.

This Cross-Site Scripting example shows how a CGI program in C takes the arguments and print it out.

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. (from TCCLASP-5_6_9_10)

Test of tool ability to identify use of an uninitialized variable.

stack overflow

Test if tool can detect a heap inspection vulnerability.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string to prevent a buffer overflow from occuring.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string but an overflow condition is still allowed.

A strncpy safely copies a string into a heap buffer.

An strncpy is used to copy a string but the length is given incorrectly leading to a heap buffer overflow.

An strcpy overflows a heap buffer.

A strcpy does not overflows a stack buffer because a check is made to avoid an overflow condition.

A strcpy overflows a stack buffer. A check was made to avoid an overflow condition but the check is off by one.

System() is called with user-provided data but the data is strictly scrutinized first.

The use of a hard-coded password increases the possibility of password guessing tremendously. (from TCCLASP-5_5_9_10-C)

The use of a hard-coded password increases the possibility of password guessing tremendously. (from TCCLASP-5_5_9_10-C)

Sometimes an error is detected, and bad or no action is taken. (from TCCLASP-5_6_19_10)

Sometimes an error is detected, and bad or no action is taken. (from TCCLASP-5_6_19_10)

Test tool ability to identify potential problem of the use of static internal buffer.

this is a test of deprecation

Format string vulnerability

Format string vulnerability

Infinite loop