National Institute of Standards and Technology
Package illustrating a test case

Test case 153028

Description

This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII characters the array index calculation will result in a negative array index, modifying memory that it should not be accessing.
Metadata
- Base program: Tree
- Source Taint: SHARED_MEMORY
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.