Test case 149272

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: C
Application: cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This test case reads the taint source. If the length of the taint source is 63 bytes or less, it allocates a buffer to copy the taint source into. It then copies the taint source into the buffer, regardless of whether it actually allocated any memory or not. If it did not allocate memory, the buffer pointer is still NULL, and this causes a NULL pointer dereference.
Metadata
- Base program: PostgreSQL
- Source Taint: FILE_CONTENTS
- Data Type: SIMPLE
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: SEQUENCE

Flaws

CWE-476 NULL Pointer Dereference

Test Suites

PostgreSQL 9.2.4
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Grammatech Report.pdf
MINESTRONE Report.pdf

Have any comments on this test case? Please, send us an email.