wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cwetest/CWE415_Double_Free__malloc_...

102 lines
2.6 kB
Raw Permalink Blame History 

  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE415_Double_Free__malloc_free_char_01.c

  3. Label Definition File: CWE415_Double_Free__malloc_free.label.xml

  4. Template File: sources-sinks-01.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 415 Double Free

  9.  * BadSource:  Allocate data using malloc() and Deallocate data using free()

  10.  * GoodSource: Allocate data using malloc()

  11.  * Sinks:

  12.  *    GoodSink: do nothing

  13.  *    BadSink : Deallocate data using free()

  14.  * Flow Variant: 01 Baseline

  15.  *

  16.  * */

  17. 

  18. #include "std_testcase.h"

  19. 

  20. #include <wchar.h>

  21. 

  22. #ifndef OMITBAD

  23. 

  24. void CWE415_Double_Free__malloc_free_char_01_bad()

  25. {

  26.     char * data;

  27.     /* Initialize data */

  28.     data = NULL;

  29.     data = (char *)malloc(100*sizeof(char));

  30.     if (data == NULL) {exit(-1);}

  31.     /* POTENTIAL FLAW: Free data in the source - the bad sink frees data as well */

  32.     free(data);

  33.     /* POTENTIAL FLAW: Possibly freeing memory twice */

  34.     free(data);

  35. }

  36. 

  37. #endif /* OMITBAD */

  38. 

  39. #ifndef OMITGOOD

  40. 

  41. /* goodG2B uses the GoodSource with the BadSink */

  42. static void goodG2B()

  43. {

  44.     char * data;

  45.     /* Initialize data */

  46.     data = NULL;

  47.     data = (char *)malloc(100*sizeof(char));

  48.     if (data == NULL) {exit(-1);}

  49.     /* FIX: Do NOT free data in the source - the bad sink frees data */

  50.     /* POTENTIAL FLAW: Possibly freeing memory twice */

  51.     free(data);

  52. }

  53. 

  54. /* goodB2G uses the BadSource with the GoodSink */

  55. static void goodB2G()

  56. {

  57.     char * data;

  58.     /* Initialize data */

  59.     data = NULL;

  60.     data = (char *)malloc(100*sizeof(char));

  61.     if (data == NULL) {exit(-1);}

  62.     /* POTENTIAL FLAW: Free data in the source - the bad sink frees data as well */

  63.     free(data);

  64.     /* do nothing */

  65.     /* FIX: Don't attempt to free the memory */

  66.     ; /* empty statement needed for some flow variants */

  67. }

  68. 

  69. void CWE415_Double_Free__malloc_free_char_01_good()

  70. {

  71.     goodG2B();

  72.     goodB2G();

  73. }

  74. 

  75. #endif /* OMITGOOD */

  76. 

  77. /* Below is the main(). It is only used when building this testcase on

  78.    its own for testing or for building a binary to use in testing binary

  79.    analysis tools. It is not used when compiling all the testcases as one

  80.    application, which is how source code analysis tools are tested. */

  81. 

  82. #ifdef INCLUDEMAIN

  83. 

  84. int main(int argc, char * argv[])

  85. {

  86.     /* seed randomness */

  87.     srand( (unsigned)time(NULL) );

  88. #ifndef OMITGOOD

  89.     printLine("Calling good()...");

  90.     CWE415_Double_Free__malloc_free_char_01_good();

  91.     printLine("Finished good()");

  92. #endif /* OMITGOOD */

  93. #ifndef OMITBAD

  94.     printLine("Calling bad()...");

  95.     CWE415_Double_Free__malloc_free_char_01_bad();

  96.     printLine("Finished bad()");

  97. #endif /* OMITBAD */

  98.     return 0;

  99. }

  100. 

  101. #endif