wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
3.2 MB
55 Download
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cwetest/CWE122_Heap_Based_Buffer_Ov...

CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01.c 2.5 kB
Raw Permalink Normal View History

1
3 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01.c

  3. Label Definition File: CWE122_Heap_Based_Buffer_Overflow__CWE131.label.xml

  4. Template File: sources-sink-01.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 122 Heap Based Buffer Overflow

  9.  * BadSource:  Allocate memory without using sizeof(int)

  10.  * GoodSource: Allocate memory using sizeof(int)

  11.  * Sink: loop

  12.  *    BadSink : Copy array to data using a loop

  13.  * Flow Variant: 01 Baseline

  14.  *

  15.  * */

  16. 

  17. #include "std_testcase.h"

  18. 

  19. #ifndef OMITBAD

  20. 

  21. void CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01_bad()

  22. {

  23.     int * data;

  24.     data = NULL;

  25.     /* FLAW: Allocate memory without using sizeof(int) */

  26.     data = (int *)malloc(10);

  27.     if (data == NULL) {exit(-1);}

  28.     {

  29.         int source[10] = {0};

  30.         size_t i;

  31.         /* POTENTIAL FLAW: Possible buffer overflow if data was not allocated correctly in the source */

  32.         for (i = 0; i < 10; i++)

  33.         {

  34.             data[i] = source[i];

  35.         }

  36.         printIntLine(data[0]);

  37.         free(data);

  38.     }

  39. }

  40. 

  41. #endif /* OMITBAD */

  42. 

  43. #ifndef OMITGOOD

  44. 

  45. /* goodG2B uses the GoodSource with the BadSink */

  46. static void goodG2B()

  47. {

  48.     int * data;

  49.     data = NULL;

  50.     /* FIX: Allocate memory using sizeof(int) */

  51.     data = (int *)malloc(10*sizeof(int));

  52.     if (data == NULL) {exit(-1);}

  53.     {

  54.         int source[10] = {0};

  55.         size_t i;

  56.         /* POTENTIAL FLAW: Possible buffer overflow if data was not allocated correctly in the source */

  57.         for (i = 0; i < 10; i++)

  58.         {

  59.             data[i] = source[i];

  60.         }

  61.         printIntLine(data[0]);

  62.         free(data);

  63.     }

  64. }

  65. 

  66. void CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01_good()

  67. {

  68.     goodG2B();

  69. }

  70. 

  71. #endif /* OMITGOOD */

  72. 

  73. /* Below is the main(). It is only used when building this testcase on

  74.  * its own for testing or for building a binary to use in testing binary

  75.  * analysis tools. It is not used when compiling all the testcases as one

  76.  * application, which is how source code analysis tools are tested.

  77.  */

  78. 

  79. #ifdef INCLUDEMAIN

  80. 

  81. int main(int argc, char * argv[])

  82. {

  83.     /* seed randomness */

  84.     srand( (unsigned)time(NULL) );

  85. #ifndef OMITGOOD

  86.     printLine("Calling good()...");

  87.     CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01_good();

  88.     printLine("Finished good()");

  89. #endif /* OMITGOOD */

  90. #ifndef OMITBAD

  91.     printLine("Calling bad()...");

  92.     CWE122_Heap_Based_Buffer_Overflow__CWE131_loop_01_bad();

  93.     printLine("Finished bad()");

  94. #endif /* OMITBAD */

  95.     return 0;

  96. }

  97. 

  98. #endif

No Description

Contributors (1)
All