wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
3.2 MB
55 Download
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cwetest/CWE401_Memory_Leak__char_ca...

CWE401_Memory_Leak__char_calloc_02.c 4.2 kB
Raw Permalink Normal View History

1
3 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE401_Memory_Leak__char_calloc_02.c

  3. Label Definition File: CWE401_Memory_Leak.c.label.xml

  4. Template File: sources-sinks-02.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 401 Memory Leak

  9.  * BadSource: calloc Allocate data using calloc()

  10.  * GoodSource: Allocate data on the stack

  11.  * Sinks:

  12.  *    GoodSink: call free() on data

  13.  *    BadSink : no deallocation of data

  14.  * Flow Variant: 02 Control flow: if(1) and if(0)

  15.  *

  16.  * */

  17. 

  18. #include "std_testcase.h"

  19. 

  20. #include <wchar.h>

  21. 

  22. #ifndef OMITBAD

  23. 

  24. void CWE401_Memory_Leak__char_calloc_02_bad()

  25. {

  26.     char * data;

  27.     data = NULL;

  28.     if(1)

  29.     {

  30.         /* POTENTIAL FLAW: Allocate memory on the heap */

  31.         data = (char *)calloc(100, sizeof(char));

  32.         if (data == NULL) {exit(-1);}

  33.         /* Initialize and make use of data */

  34.         strcpy(data, "A String");

  35.         printLine(data);

  36.     }

  37.     if(1)

  38.     {

  39.         /* POTENTIAL FLAW: No deallocation */

  40.         ; /* empty statement needed for some flow variants */

  41.     }

  42. }

  43. 

  44. #endif /* OMITBAD */

  45. 

  46. #ifndef OMITGOOD

  47. 

  48. /* goodB2G1() - use badsource and goodsink by changing the second 1 to 0 */

  49. static void goodB2G1()

  50. {

  51.     char * data;

  52.     data = NULL;

  53.     if(1)

  54.     {

  55.         /* POTENTIAL FLAW: Allocate memory on the heap */

  56.         data = (char *)calloc(100, sizeof(char));

  57.         if (data == NULL) {exit(-1);}

  58.         /* Initialize and make use of data */

  59.         strcpy(data, "A String");

  60.         printLine(data);

  61.     }

  62.     if(0)

  63.     {

  64.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  65.         printLine("Benign, fixed string");

  66.     }

  67.     else

  68.     {

  69.         /* FIX: Deallocate memory */

  70.         free(data);

  71.     }

  72. }

  73. 

  74. /* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */

  75. static void goodB2G2()

  76. {

  77.     char * data;

  78.     data = NULL;

  79.     if(1)

  80.     {

  81.         /* POTENTIAL FLAW: Allocate memory on the heap */

  82.         data = (char *)calloc(100, sizeof(char));

  83.         if (data == NULL) {exit(-1);}

  84.         /* Initialize and make use of data */

  85.         strcpy(data, "A String");

  86.         printLine(data);

  87.     }

  88.     if(1)

  89.     {

  90.         /* FIX: Deallocate memory */

  91.         free(data);

  92.     }

  93. }

  94. 

  95. /* goodG2B1() - use goodsource and badsink by changing the first 1 to 0 */

  96. static void goodG2B1()

  97. {

  98.     char * data;

  99.     data = NULL;

  100.     if(0)

  101.     {

  102.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  103.         printLine("Benign, fixed string");

  104.     }

  105.     else

  106.     {

  107.         /* FIX: Use memory allocated on the stack with ALLOCA */

  108.         data = (char *)ALLOCA(100*sizeof(char));

  109.         /* Initialize and make use of data */

  110.         strcpy(data, "A String");

  111.         printLine(data);

  112.     }

  113.     if(1)

  114.     {

  115.         /* POTENTIAL FLAW: No deallocation */

  116.         ; /* empty statement needed for some flow variants */

  117.     }

  118. }

  119. 

  120. /* goodG2B2() - use goodsource and badsink by reversing the blocks in the first if */

  121. static void goodG2B2()

  122. {

  123.     char * data;

  124.     data = NULL;

  125.     if(1)

  126.     {

  127.         /* FIX: Use memory allocated on the stack with ALLOCA */

  128.         data = (char *)ALLOCA(100*sizeof(char));

  129.         /* Initialize and make use of data */

  130.         strcpy(data, "A String");

  131.         printLine(data);

  132.     }

  133.     if(1)

  134.     {

  135.         /* POTENTIAL FLAW: No deallocation */

  136.         ; /* empty statement needed for some flow variants */

  137.     }

  138. }

  139. 

  140. void CWE401_Memory_Leak__char_calloc_02_good()

  141. {

  142.     goodB2G1();

  143.     goodB2G2();

  144.     goodG2B1();

  145.     goodG2B2();

  146. }

  147. 

  148. #endif /* OMITGOOD */

  149. 

  150. /* Below is the main(). It is only used when building this testcase on

  151.    its own for testing or for building a binary to use in testing binary

  152.    analysis tools. It is not used when compiling all the testcases as one

  153.    application, which is how source code analysis tools are tested. */

  154. 

  155. #ifdef INCLUDEMAIN

  156. 

  157. int main(int argc, char * argv[])

  158. {

  159.     /* seed randomness */

  160.     srand( (unsigned)time(NULL) );

  161. #ifndef OMITGOOD

  162.     printLine("Calling good()...");

  163.     CWE401_Memory_Leak__char_calloc_02_good();

  164.     printLine("Finished good()");

  165. #endif /* OMITGOOD */

  166. #ifndef OMITBAD

  167.     printLine("Calling bad()...");

  168.     CWE401_Memory_Leak__char_calloc_02_bad();

  169.     printLine("Finished bad()");

  170. #endif /* OMITBAD */

  171.     return 0;

  172. }

  173. 

  174. #endif

No Description

Contributors (1)
All