A file is accessed only once by name with all futher accesses being through the file descriptor.

Tainted input allows command execution. (fixed version)

A read generates a string that may not have a NUL termination. A NUL character is added to ensure termination.

A strncpy generates a string with a missing NUL termination. A NUL is explicitely added to ensure that the string is NUL terminated.

Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version 2)

Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version)

Tainted output allows log entries to be forged. (fixed version)

Tainted output allows log entries to be forged. (fixed version)

integer overflow results in a short malloc and an overflow. A guard in the caller is used to protect against the overflow.

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.

An exception leaks internal path information to the user. (fixed version)

The credentials for connecting to the database are hard-wired into the sourcecode. (fixed version 2)

The credentials for connecting to the database are hard-wired into the sourcecode. (fixed version)

Printf is called with a format from a table. This is not a defect.

Tainted input allows arbitrary files to be read and written. (fixed version)

A chroot() is performed with a chdir().

The semantics of virtual functions. As most C++ compilers implement virtual functions using a Virtual Function Table (VTBL). The VTBL is an array of function pointers that is used at runtime for dispatching virtual function calls. It"s possible to overwrite function pointers in the VTBL or change...

Exploits of the .dtors section. An attacker can transfer control to arbitrary code by overwriting the address of the function pointer in the .dtors section. This .dtors section exists only in programs that have been compiled and linked with GCC. From "Secure Coding in C and C++" by Robert C. Seac...

Extracting object from cin to std::string object. This example is quite safe because if there is a buffer overflow, C++ will throw a out_of_range exception. From "Secure Coding in C and C++" by Robert C. Seacord. Page 61, Figure 2-33

Input validation. The size of the first argument must be lower than 99 even it will produces a buffer overflow when copied into the buff array. From "Secure Coding in C and C++" by Robert C. Seacord. Page 52, Figure 2-29

Extracting characters using the field width member. Ensure that the operator>> will not extract more thant 12 characters. From "Secure Coding in C and C++" by Robert C. Seacord. Page 29, Figure 2-5

Dynamic allocation of the character array ensure that sufficient space is allocated to copy the input and the null character. From "Secure Coding in C and C++" by Robert C. Seacord. Page 28, Figure 2-3

Memory for a Struct object is freed and not referenced further.

Memory is freed, then the pointer variable (not the memory location) is assigned a value.

Variable used as index of array is correctly initialized before use.