Back to the previous page
Test Case ID | ![]() |
Bad / Good / Mixed | Bad![]() |
Author | IARPA STONESOUP Test and Evaluation team |
Associations | Test suite: 102 Application: 18 |
Added by | Charles Oliveira |
Language | C |
Type of test case | Source Code |
Input string | |
Expected Output | |
Instructions | See src/INSTALL file for instructions on how to install. |
Submission date | 2015-10-06 |
Description | This test case creates a function pointer that takes 2 const char * as input and returns an int. If the length of the taint source is 0 mod 3, the test case sets the function pointer to be strcmp. If the length of the taint source is 1 mod 3, the test case sets the function pointer to strcoll. Otherwise the test case sets the function pointer to be the address passed in by the taint source. When the test case calls the function pointer, if the function pointer is strcmp or strcoll, the weakness proceeds without error. However, if the function pointer is the value passed in from the taint source, the function call results in a segmentation fault or illegal instruction fault. Metadata - Base program: Gimp - Source Taint: SHARED_MEMORY - Data Type: ARRAY - Data Flow: BUFFER_ADDRESS_POINTER - Control Flow: MACROS |
File(s) |
|
Flaw |
There are no comments
Have any comments on this test case? Please,
.
- gimpimage.c
- service_mon.sh
- shm_setup.c
- C-C822A-GIMP-05-ST04-DT01-DF17-CF22-01.yaml
- runFifos.py
- C-C822A-GIMP-05-ST04-DT01-DF17-CF22-01.xml
File Contains:
CWE-822: Untrusted Pointer Dereference on line(s): 7003, 7004, 7005
CWE-822: Untrusted Pointer Dereference on line(s): 7003, 7004, 7005