The test cases implements CVE-2002-1869: [em]Don\'t check if you can write a log file allow attackers to avoid logging.[/em]

The test case shows how it is easy to get a buffer overflow if a string function is misused.

The test case shows how it is easy to get a buffer overflow if a string function is misused.

The test case expose a leftover debug code. Basically developer can debug his code and get the root promotion for debugging...

This test case exposes an improper null termination which occurred when a argv contains tainted data.

The test case exposes an improper null termination in a string which is in a structure.

The test case shows an improper null termination with an address alias level as code complexity.

The test cases shows an improper null termination

This test case exposes a Heap Overflow with an array index complexity.

This test case shows a Heap Overflow

The test case shows a Heap Overflow with an array complexity.

This test case shows a hard coded password in a for loop structure.

This test case shows a hard-coded password in a local control flow.

The test case exposes a password which is hard-coded in the source code, the password is stored in a C structure.

The test cases shows hard-coded passwords; these passwords are in a array.

This test case shows a format string vulnerability in a local control flow; here, we use function pointer for control flow.

This test cases exposes a format string vulnerability with a container code complexity.

This test case shows a double free in a for loop structure.

This test case shows a double free in a local control flow complexity.

This test case exposes a Race Condition error at the line 47. Many processes can access the same file in different moment.

This test case exposes a Race Condition error at the line 26. Many processes can access the same file in different moment.[br] We can have something like that:[br] Process 1: Open File[br] Process 1: Close File[br] Process 2: Open File[br] Process 3: Open File[br] Process 2: Close File[br] Proces...

The SQL Injection is possible because the argument are not validated. The code complexity is in the call of another function to perform the MySQL query.

Since the argument (the file name) is not validated, one can open every file and print it.

The test case shows an improper null termination with a buffer address type complexity.

The arguments are not validated so, one can include a bad argument such as /etc/passwd in the list of files to print out.