CWE: 195 Signed to Unsigned Conversion Error BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 52 Data flow: data passed as an argument from one functio...

CWE: 194 Unexpected Sign Extension BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 45 Data flow: data passed as a static global variable from one f...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 64 D...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 32 D...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 43 Data flow: d...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 10 C...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. ...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 01 Baseline

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 21 Control flow: Flow controlled by value of a static global variable...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using wcscpy Flow Variant: 61 Data flow: data returned from one function to another in different ...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 17 Control flow: for loops

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 122 Heap Based Buffer Overflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: ...

CWE: 122 Heap Based Buffer Overflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: ...

CWE: 122 Heap Based Buffer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sink: memcpy BadSink : Copy array to data using memcpy() Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 122 Heap Based Buffer Overflow Sinks: type_overrun_memcpy GoodSink: Perform the memcpy() and prevent overwriting part of the structure BadSink : Overwrite part of the structure by incorrectly using the sizeof(struct) in memcpy() Flow Variant: 14 Control flow: if(globalFive==5) and if(glo...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memmove BadSink : Copy twoIntsStruct array to data using memmove Flow Variant: 31 Data flow using a copy of data within the same function

The test case shows a Stack Overflow.

This is a \"fix\" of a heap overflow.

This test case is a \"fix\" to an exposed Heap Overflow with an array index complexity.

This test case shows a Heap Overflow

This test case exposes a Heap Overflow with an array index complexity.

CWE: 89 SQL Injection BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 53 Data flow: data passed as an argument from one met...