National Institute of Standards and Technology
Package illustrating a test case

Test case 153798

Description

This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the function pointer or char* inside the struct, leaving them uninitialized. Subsequently, the test case calls the function pointer from the struct, using the char* from the struct as an argument. If these values have not been initialized, this will result in a segmentation fault or illegal instruction fault.
Metadata
- Base program: Subversion
- Source Taint: SOCKET
- Data Type: UNION
- Data Flow: BUFFER_ADDRESS_POINTER
- Control Flow: SET_JUMP_LONG_JUMP

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.