National Institute of Standards and Technology
Package illustrating a test case

Test case 153766

Description

This test case creates a 1024-byte buffer on the stack and a 64-byte buffer on the heap. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte buffer. If it is, it uses strncpy to copy the taint source into the 64-byte buffer, with a maximum value of 1024 bytes. However, strncpy always writes the maximum number of bytes, padding with null bytes when the source is shorter, and so writes 1024 bytes. This overwrites other data in the heap, including memory reserved for use by the memory manager. When the test case attempts to free the heap-allocated buffer, a glibc error occurs.
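
The strncpy padding behavior described above, shown as an added example that is not the test case's own source: the copy runs inside a 1024-byte canary-filled arena so the writes past a logical 64-byte destination can be counted without leaving bounds. The names `bytes_written_past_dst` and `copy_bounded`, the canary value and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SRC_SIZE 1024   /* size of the stack buffer holding the taint source */
#define DST_SIZE 64     /* logical size of the destination buffer */
#define CANARY   0xAA   /* constructed fill value used to detect writes */

/* Copy src with strncpy, using `bound` as n, into the start of a
 * SRC_SIZE-byte arena pre-filled with CANARY, then count how many bytes
 * beyond the logical DST_SIZE-byte destination were modified. The arena is
 * large enough for every write, so the demonstration itself stays in bounds. */
size_t bytes_written_past_dst(const char *src, size_t bound)
{
    unsigned char arena[SRC_SIZE];
    size_t i, clobbered = 0;

    memset(arena, CANARY, sizeof arena);
    strncpy((char *)arena, src, bound);   /* pads with '\0' up to bound */
    for (i = DST_SIZE; i < sizeof arena; i++)
        if (arena[i] != CANARY)
            clobbered++;
    return clobbered;
}

/* Corrected copy: the bound comes from the destination, not the source
 * buffer, and the terminator is written explicitly. Returns -1 if src
 * does not fit. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0 || strlen(src) >= dst_size)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return 0;
}

int main(void)
{
    const char *src = "short input";   /* constructed sample; passes the length check */

    printf("n = %d: %zu bytes written past dst\n", SRC_SIZE,
           bytes_written_past_dst(src, SRC_SIZE));
    printf("n = %d: %zu bytes written past dst\n", DST_SIZE,
           bytes_written_past_dst(src, DST_SIZE));
    return 0;
}
```

The length check in the test case passes for this input, yet the 1024-byte bound still causes every byte after the 64-byte destination to be zeroed.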

Metadata

- Base program: Gimp
- Source Taint: FILE_CONTENTS
- Data Type: TYPEDEF
- Data Flow: INDEX_ALIAS_50
- Control Flow: INDIRECTLY_RECURSIVE
