SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #153776

Back to the previous page... Back to the previous page

Test Case IDCandidate153776
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 18  
Added byCharles Oliveira
LanguageC
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/INSTALL file for instructions on how to install.
Submission date2015-10-06
DescriptionThis test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the length of the taint source rather than the length of the 8-character buffer. If the taint source is 8 characters or longer, the strncpy will overflow the 8-character buffer, over-writing the pointer that follows it. The test case then call strlen on the following pointer, and if this point is not valid (due to the overflow), this will cause a segmentation fault.
Metadata
- Base program: Gimp
- Source Taint: SHARED_MEMORY
- Data Type: TYPEDEF
- Data Flow: ADDRESS_AS_NONLINEAR_EXPRESSION
- Control Flow: INFINITE_LOOP
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-805: Buffer Access with Incorrect Length Value on line(s): 1339, 1340, 1341, 1342, 1343, 1344, 1345, 1346, 1347