Downloads:
Back to the previous page
| Test Case ID |  153244 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 6 |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/INSTALL file for instructions on how to install. |
| Submission date | 2015-10-06 |
| Description | This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the length of the taint source rather than the length of the 8-character buffer. If the taint source is 8 characters or longer, the strncpy will overflow the 8-character buffer, over-writing the pointer that follows it. The test case then call strlen on the following pointer, and if this point is not valid (due to the overflow), this will cause a segmentation fault. Metadata - Base program: Tree - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- color.c
- runFifos.py
- service_mon.sh
- C-C805C-CTRE-01-ST02-DT02-DF11-CF20-01.xml
- C-C805C-CTRE-01-ST02-DT02-DF11-CF20-01.yaml
File Contains:
CWE-805: Buffer Access with Incorrect Length Value on line(s): 584, 585, 586, 587, 588, 589, 590, 591, 592
CWE-805: Buffer Access with Incorrect Length Value on line(s): 584, 585, 586, 587, 588, 589, 590, 591, 592