wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
3.2 MB
55 Download
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cwetest/CWE415_Double_Free__malloc_...

CWE415_Double_Free__malloc_free_char_02.c 4.2 kB
Raw Permalink Normal View History

1
3 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE415_Double_Free__malloc_free_char_02.c

  3. Label Definition File: CWE415_Double_Free__malloc_free.label.xml

  4. Template File: sources-sinks-02.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 415 Double Free

  9.  * BadSource:  Allocate data using malloc() and Deallocate data using free()

  10.  * GoodSource: Allocate data using malloc()

  11.  * Sinks:

  12.  *    GoodSink: do nothing

  13.  *    BadSink : Deallocate data using free()

  14.  * Flow Variant: 02 Control flow: if(1) and if(0)

  15.  *

  16.  * */

  17. 

  18. #include "std_testcase.h"

  19. 

  20. #include <wchar.h>

  21. 

  22. #ifndef OMITBAD

  23. 

  24. void CWE415_Double_Free__malloc_free_char_02_bad()

  25. {

  26.     char * data;

  27.     /* Initialize data */

  28.     data = NULL;

  29.     if(1)

  30.     {

  31.         data = (char *)malloc(100*sizeof(char));

  32.         if (data == NULL) {exit(-1);}

  33.         /* POTENTIAL FLAW: Free data in the source - the bad sink frees data as well */

  34.         free(data);

  35.     }

  36.     if(1)

  37.     {

  38.         /* POTENTIAL FLAW: Possibly freeing memory twice */

  39.         free(data);

  40.     }

  41. }

  42. 

  43. #endif /* OMITBAD */

  44. 

  45. #ifndef OMITGOOD

  46. 

  47. /* goodB2G1() - use badsource and goodsink by changing the second 1 to 0 */

  48. static void goodB2G1()

  49. {

  50.     char * data;

  51.     /* Initialize data */

  52.     data = NULL;

  53.     if(1)

  54.     {

  55.         data = (char *)malloc(100*sizeof(char));

  56.         if (data == NULL) {exit(-1);}

  57.         /* POTENTIAL FLAW: Free data in the source - the bad sink frees data as well */

  58.         free(data);

  59.     }

  60.     if(0)

  61.     {

  62.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  63.         printLine("Benign, fixed string");

  64.     }

  65.     else

  66.     {

  67.         /* do nothing */

  68.         /* FIX: Don't attempt to free the memory */

  69.         ; /* empty statement needed for some flow variants */

  70.     }

  71. }

  72. 

  73. /* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */

  74. static void goodB2G2()

  75. {

  76.     char * data;

  77.     /* Initialize data */

  78.     data = NULL;

  79.     if(1)

  80.     {

  81.         data = (char *)malloc(100*sizeof(char));

  82.         if (data == NULL) {exit(-1);}

  83.         /* POTENTIAL FLAW: Free data in the source - the bad sink frees data as well */

  84.         free(data);

  85.     }

  86.     if(1)

  87.     {

  88.         /* do nothing */

  89.         /* FIX: Don't attempt to free the memory */

  90.         ; /* empty statement needed for some flow variants */

  91.     }

  92. }

  93. 

  94. /* goodG2B1() - use goodsource and badsink by changing the first 1 to 0 */

  95. static void goodG2B1()

  96. {

  97.     char * data;

  98.     /* Initialize data */

  99.     data = NULL;

  100.     if(0)

  101.     {

  102.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  103.         printLine("Benign, fixed string");

  104.     }

  105.     else

  106.     {

  107.         data = (char *)malloc(100*sizeof(char));

  108.         if (data == NULL) {exit(-1);}

  109.         /* FIX: Do NOT free data in the source - the bad sink frees data */

  110.     }

  111.     if(1)

  112.     {

  113.         /* POTENTIAL FLAW: Possibly freeing memory twice */

  114.         free(data);

  115.     }

  116. }

  117. 

  118. /* goodG2B2() - use goodsource and badsink by reversing the blocks in the first if */

  119. static void goodG2B2()

  120. {

  121.     char * data;

  122.     /* Initialize data */

  123.     data = NULL;

  124.     if(1)

  125.     {

  126.         data = (char *)malloc(100*sizeof(char));

  127.         if (data == NULL) {exit(-1);}

  128.         /* FIX: Do NOT free data in the source - the bad sink frees data */

  129.     }

  130.     if(1)

  131.     {

  132.         /* POTENTIAL FLAW: Possibly freeing memory twice */

  133.         free(data);

  134.     }

  135. }

  136. 

  137. void CWE415_Double_Free__malloc_free_char_02_good()

  138. {

  139.     goodB2G1();

  140.     goodB2G2();

  141.     goodG2B1();

  142.     goodG2B2();

  143. }

  144. 

  145. #endif /* OMITGOOD */

  146. 

  147. /* Below is the main(). It is only used when building this testcase on

  148.    its own for testing or for building a binary to use in testing binary

  149.    analysis tools. It is not used when compiling all the testcases as one

  150.    application, which is how source code analysis tools are tested. */

  151. 

  152. #ifdef INCLUDEMAIN

  153. 

  154. int main(int argc, char * argv[])

  155. {

  156.     /* seed randomness */

  157.     srand( (unsigned)time(NULL) );

  158. #ifndef OMITGOOD

  159.     printLine("Calling good()...");

  160.     CWE415_Double_Free__malloc_free_char_02_good();

  161.     printLine("Finished good()");

  162. #endif /* OMITGOOD */

  163. #ifndef OMITBAD

  164.     printLine("Calling bad()...");

  165.     CWE415_Double_Free__malloc_free_char_02_bad();

  166.     printLine("Finished bad()");

  167. #endif /* OMITBAD */

  168.     return 0;

  169. }

  170. 

  171. #endif

No Description

Contributors (1)
All