Downloads:
Back to the previous page
| Test Case ID |  153302 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 3 |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/INSTALL file for instructions on how to install. |
| Submission date | 2015-10-06 |
| Description | This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII characters the array index calculation will result in a negative array index, modifying memory that it should not be accessing. Metadata - Base program: GNU Grep - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- dfa.c
- runFifos.py
- service_mon.sh
- C-C129A-GREP-01-ST02-DT02-DF11-CF20-01.xml
- C-C129A-GREP-01-ST02-DT02-DF11-CF20-01.yaml
File Contains:
CWE-129: Improper Validation of Array Index on line(s): 4108, 4109, 4110, 4111, 4112, 4113, 4114, 4115, 4116, 4117, 4118, 4119, 4120, 4121, 4122, 4123, 4124, 4125, 4126, 4127, 4128
CWE-129: Improper Validation of Array Index on line(s): 4108, 4109, 4110, 4111, 4112, 4113, 4114, 4115, 4116, 4117, 4118, 4119, 4120, 4121, 4122, 4123, 4124, 4125, 4126, 4127, 4128